"Data goes from physician offices to our servers directly," he says. "Even though it's in a cloud, it doesn't leave our servers or the physicians', which is good for security and privacy."
Few companies are putting critical data into public clouds now, partly because they're nervous about doing it, partly because neither their structured nor unstructured data has yet been converted to function well in services-oriented environments such as the cloud, according to Mark Bowker, analyst of Enterprise Strategy Group.
The potential cost-savings of the cloud will add to the pressure for end-user companies to convert to more SOA-friendly formats, Bowker says.
A Solution for Tracking and Securing Data
Technology that does provide centralized control is not under development, however, Wolf says. Wolf and his Burton colleagues have proposed development of an infrastructure authority, or IA--a database, directory and security application all in one, designed to create security that can travel along with specific parts of data and help its owners keep control over it no matter where it resides.
In the cloud, data from several locations could 'reside' next to each other, sharing user access controls, audit and security policies, but actually be stored within a company's own data centers co-location facilities or publicly available data centers.
Without a set of metadata that can track the real and virtual location of that data, as well as its related security information, orchestration, federation and control of that data is, at best, extremely difficult, Wolf says.
"If a tool wants to place an object somewhere within a cloud infrastructure, there needs to be a central place where it can check to make sure the physical location offers the necessary resources (compute, memory, networking and storage I/O) and security policy isn't violated in the process, among other concerns. We don't need to re-invent the wheel. Instead, we need to take existing virtual infrastructure management databases and evolve them so that they can act as the central authority for all infrastructure decisions," Wolfe wrote in a blog on the topic.
Burton Group, and its new owner, Gartner Group, plan a series of reports explaining and promoting the idea of the IA later this spring, Wolf says. Industry organizations such as the DMTF, Cloud Security Alliance and Storage Networking Industry Association's Cloud Storage Initiative are working on various aspects of the problem, but haven't cracked it yet, Wolf says.
Sign up for CIO Asia eNewsletters.