The consequences of inadequate cloud security

We've talked about the move towards cloud computing in past blog articles, including concerns about lack of control of outages, and to a certain degree concerns around security. Network World brought up the security problem again this week in an article by Tim Greene. He accepts the premise that cloud computing can be beneficial to an organization's bottom line, but he states:

The downside is that businesses choosing to use cloud computing give up direct control of those corporate assets running in the cloud. Data and applications accessed through the cloud is in the cloud, not in a privately held corporate data center where the owner controls everything from the physical security to authentication and authorization to intrusion prevention to firewalling to virus protection.

The consequences of inadequate cloud security are great. The loss of corporate intellectual property is near the top of the list as is loss of corporate reputation should a breach result in public admission that sensitive personal data has been stolen.

For their part, cloud computing providers are aware of the risks and are making efforts to embrace security in a way that reassures their customers. Exactly what the standard should be for those efforts is evolving. So there is a lot to consider when developing strategies for how to use cloud computing and how to use it safely.

The question of whether to move to the cloud remains a tough one for IT administrators. Each will have to balance their needs for reduced costs with the amount of security and control they want to have.