The Curse of Cloud Security

Lately, there's been a lot of talk around the new buzz words, "cloud computing". We've even discussed the issue here on this blog in past articles. The immediate benefits of cloud computing are obvious by letting you simplify your physical IT infrastructure and cut overhead costs. But the problem that seems to keep haunting us is we've only started to see the all of security risks involved.

Network World tackles this topic this week and says:

Putting more of your infrastructure in the cloud has left you vulnerable to hackers who have redoubled efforts to launch denial-of-service attacks against the likes of Google, Yahoo and other Internet-based service providers. A massive Google outage earlier this year illustrates the kind of disruptions cloud-dependent businesses can suffer.

That's one of the big takeaways from the seventh-annual Global Information Security survey, which CSO and CIO magazines conducted with PricewaterhouseCoopers earlier this year. Some 7,200 business and technology executives worldwide responded from a variety of industries, including government, health care, financial services and retail.

Given the expense to maintain a physical IT infrastructure, the thought of replacing server rooms and haphazardly configured appliances with cloud services is simply too hard for many companies to resist. But rushing into the cloud without a security strategy is a recipe for risk. According to the survey, 43 percent of respondents are using cloud services such as software as a service or infrastructure as a service. Even more are investing in the virtualization technology that helps to enable cloud computing. Sixty-seven percent of respondents say they now use server, storage and other forms of IT asset virtualization. Among them, 48 percent actually believe their information security has improved, while 42 percent say their security is at about the same level. Only 10 percent say virtualization has created more security holes.

Security may well have improved for some, but experts like Chris Hoff, director of cloud and virtualization solutions at Cisco Systems, believe that both consumers and providers need to ensure they understand the risks associated with the technical, operational and organizational changes these technologies bring to bear.

The article is a good reminder to make sure we have all of our ducks in a row if you're going to consider cloud computing. Network World asks the difficult question:

When it went down, many companies that have come to rely on its cloud-based business applications (such as e-mail) were dead in the water. ...
"What if you have a breach and you need to leave the cloud? Can you get out if you have to?"