Cloud Security–Another Viewpoint

I recently wrote in a post that software as a service (SaaS) providers have economy of scale advantages over traditional IT and that IT must adapt to compete, eventually becoming SaaS providers of their own.  Cloud computing is a catalyst for the rise of SaaS since it nearly eliminates the scale-out infrastructure hurdles.  One commenter stated, “I think security could scupper that plan as Cloud Computing currently means trusting someone else with your data”.  That got me thinking…

What is security?

Security is the set of countermeasures that your company is willing to pay for and implement when faced with a wide spectrum of risks.

Beyond the traditional security measures employed by IT, such as secured physical locations, firewalls, OS passwords, etc., what makes IT secure?  What really matters to your business?

Hiring trustworthy employees must rank somewhere near the top because ultimately one employee or another needs access to the data. Social engineering exploits, even at the largest tech companies, prove that where there is a will there is a way. The bad guys will get in. That doesn’t change with cloud computing.

Assume for the moment that someone can breach any system with enough effort. Let’s face it, if a helicopter full of commandos lands on your data center’s roof, your IT staff will have a hard time keeping them from ripping the hardware from the racks and departing with it. They’d probably take the guy who knows the passwords along with them too, so good luck restoring the backups. What is your business continuance plan for that?

OK, a commando raid is not likely, but can you identify what is? How about identifying what is likely tomorrow? If you guess wrong, how quickly can you respond?

I think this is an area where cloud providers will excel over traditional IT. Again, it is an economy of scale advantage; the cloud providers have enough economic reason to invest in the people, hardware, and processes it takes to identify and respond to security threats.

The same applies to natural disasters. I recently attended a presentation in which the Bing team described quickly shifting search workload to other data centers in response to Japan’s earthquake damage. By following the cloud computing model they can respond quickly even though they have a very low ops-employee-to-server ratio. How long would it take your IT department to shift operations in response to such a widespread disaster?

Taken from a holistic perspective, cloud computing might already be more secure in ways that matter to your business. In any event, it will only get better with time. That is economy-of-scale power at work.