By Craig Robinson
Companies cite concern for data security as one of the primary reasons why they avoid cloud-based hosted infrastructure. Recent events, such as the Google-versus-China incident and ongoing reporting on probes against government computer systems, reinforce the fact that companies must understand and address IT security. Data security is a real concern whether the context is the Internet, a cloud-based solution, or a private network.
I see a growing market need for IT infrastructure to be deployed in the cloud. As previously discussed in this blog and in many other forums, this need is driven largely by a desire to improve operating efficiencies and, ultimately, maximize financial performance and competitive advantage. However, realizing these advantages often requires that companies recognize and adapt to the paradigm shift inherent in moving to an off-premises, hosted model for some aspects of their IT operations.
The situation is analogous to the early days of email. As recently as the late 1990s, many companies still refused to implement email systems, citing security concerns. Does this sound familiar? However, people, technology, policy, and process solutions swept away the most basic concerns and the situation quickly evolved into the one we recognize today:
- Companies must be careful.
- There are solutions available to help them exercise that care.
- Risk management is alive and well.
- Most companies operate safely in the Internet era.
In fact, had companies not embraced email they would have been left behind by their competitors. (Paper is so 1980s.)
The advantages of hosted, cloud-based solutions are so compelling that many, if not most, companies are strongly considering them and will adopt cloud-based infrastructure to some extent in the coming years. Some recent articles even suggest that many companies already are using cloud-based infrastructure to a larger extent than they may realize. In fact, the term “cloud” can be misleading in many cases. An IT cloud implemented via private or shared, but not public, infrastructure is only partly analogous to a meteorological cloud. These IT clouds are purposely formed and operated, and companies can choose how to manage and secure them. Well-established hosting providers (Rackspace and Amazon come to mind immediately) have a global business base and sustained track record of delivering these dedicated environments for enterprises (which is why they are well-established—and growing).
So, to answer the question, “Am I just paranoid?”: You’re not. Public cloud networks are known to be almost entirely inappropriate for exchanging private or otherwise sensitive data. Such networks can be more easily probed, sniffed, and otherwise mistreated by a wide range of people with bad intentions. However, private or appropriately shared cloud infrastructure is a different story. They provide organizations with control over how to deploy, manage, and secure their IT infrastructure and services. And, depending on your business, a private cloud could be an ideal environment for some portion of your on-premise IT solutions today. No security guarantees exist in cyberspace, nor do they exist in your own internal IT shop—and you may be surprised to learn which approach makes you a bigger cyber target.
