
Cloud Security?

A panel session compared the security issues of cloud computing against those of running systems in-house. Cloud computing - defined by the Burton Group as the collection of disciplines, technologies and business models required to make IT an on-demand, scalable and elastic service - is a popular response to the challenges of operating IT systems that are expensive to buy, power and support and, though essential, may not be core business anyway. Outsourcing is therefore a natural option to consider but public cloud systems raise particular issues because they are dynamic, shared between multiple organisations and often run by relatively new organisations of unknown long-term viability. There may also be regulatory issues around export of personal information, breach of contract if services are unreliable and loss of control of e-discovery processes.

However, it should not be forgotten that in-house systems can also fail, lose information and be misused: comparisons should be realistic. Organisations should be aware whether they, the cloud provider, or both control each layer of the service, from hardware and operating system through application to data, and how this compares to alternative platforms. Clouds may offer less scope for measures to prevent failure or misuse, so organisations should compensate by improving their monitoring for these events and their ability to respond to them. Rules of engagement on location and control of infrastructure, applications and data should be set *before* moving to a cloud rather than after. In particular, organisations should look ahead and avoid developing applications for a cloud if it is not possible to provide the service level that will be needed for eventual production use.

The panel concluded that clouds could well be a viable option for some requirements, but that organisations should consider carefully whether a fully public cloud was appropriate or, particularly for sensitive data or critical applications, whether using the same technologies in-house could deliver similar benefits at lower risk.

Andrew Cormack - ISSE conference in Scheveningen, Netherlands, 6-8 October 2009 (http://www.isse.eu.com/)
