The recent cloud controversy is yet another hard example of the importance and reality of security and privacy issues associated with cloud computing. The larger public commodity clouds have been built around the models of over-subscription and resource sharing, all in the name of immediate introduction and uptake. Usually one gets what one pays for, so what have we really given up for the low-cost (at times free) services?
In the business world, where data security and privacy literally translate into loss of jobs and loss of profits, companies are now looking to mandate and validate the integrity of their data and cloud strategies. That calls for a definitive means of weighing the merits of the proliferating large, wide-scale public cloud infrastructures against those of niche private environments.
It is a topic that will no doubt spark great debate and insight into what will be our future crossroads. That said, there are some key benchmark thoughts worth contemplating.
1. Consumer clouds are not built for business
Consumer clouds are typically designed for convenience and immediate uptake, whereas enterprises require much more security, reliability and availability than consumers do. An example that continues to come up in conversation: what happens if a large public cloud provider decides to suspend or cancel your services due to a perceived terms violation? For an individual it would be very disappointing; for a business, it is devastating. The risks around storing business data in these clouds (either indirectly via SaaS or directly via IaaS) need to be very carefully examined and considered.
2. You don’t know where your data is and you don’t know who owns it.
You put your data into a public SaaS and you know it’s in a data center somewhere, but can you find it on a map? Do you know who has access to it? Which jurisdictions does it traverse? Who really owns it now? What happens after you delete it? These same questions need to be asked if you are deploying full IaaS VMs.
3. You don’t have any way to know if your data has been breached.
By not being in control of your environment, you’ve immediately given up all the rights associated with it, including knowing who has access to it and whether it’s been breached. Unless the data has been reposted for the company to find, the breach would typically go unnoticed, giving external threats the lead time to act on their intentions.
4. You get what you pay for in support.
This is an easy one: low-cost disruptive providers have to keep their costs down. Regardless of size, these providers have support structures that do not distinguish the urgency of an individual’s problem from that of a business’s. Do not kid yourself, there is a difference, and you really do not want to experience it when you have your company’s data on the line. Nor would you want to enter that discussion with those you’re accountable to.
As with all emerging technologies, time does dictate relevance. Exploration and diligence are key in finding out what fits your organization best.