Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Clearing the cloud haze

Rodney Byfield | Aug. 13, 2013
Much of the "innovation" in cloud is in the sales pitch and not the service itself.

Okay, so that's all good and great. I get that the public love Facebook on a phone, that the Twitter-verse needs an update and that I can carry my music in my pocket. But what are the questions we, as an industry, should be asking about cloud?

The fact is that consumer solutions and corporate or enterprise solutions have, at the core, very different focus points. While I agree that, at some level, they are starting to merge through initiatives such as bring-your-own-device but there will always be the responsibility caveat for the enterprise that contains the issue of privacy and security.

Most salespersons, at this stage, would start berating me with features/mobile access/ease of use and all the support options. Three of those options should be supplied regardless of the pitch but the support option is one that is very important, alongside some others, which I have listed below:

Picking on cloud security
This tends to be a lengthy conversation and very quickly gets into severe tech speak, with bits flying and adding up all over the place until you have a 2048-bit twice encrypted "how to make a sandwich.docx" that apparently is spread across data-centres from Amsterdam to Australia.

Accordingly safety is said to be in the sandwich spread. In theory, it's very hard to piece it all back together due to the location diversity. Somehow the portal that you use seems to be able to tie all that remote diverse information together in millisecond — something that a hacker would have no hope of doing (You hope).

Levels of security might not be a huge issue for some but with the Australian standards on privacy (and I'm sure many countries have similar) it is going to become necessary to prove how secure your data is in the cloud. This will require service levels and non-disclosure agreements that dictate what happens to your data in the cloud.

Physical access to the cloud
Who exactly has physical and/or remote access to my data (when it's between Amsterdam and Australia)? This is a question that the Google rep couldn't answer — and I think even Apple and the iCloud would rather walk away than work this one out.

The fact is that physical access is one of the worst kinds of security risks. If I don't know who and how many people have physical access then how can I determine the risk? I have no control over the people or persons employed by the cloud provider, this leads me to do more digging.

One of the more important questions that had developed when I was considering physical access is, "Who owns the data centres?" I quickly realised after asking a few cloud vendors that several rented or leased rack space and data centres from other providers. This adds an entirely different perspective on who has physical access.

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.