Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Secrecy of cloud computing providers raises IT security risks

Ellen Messmer | July 7, 2010
Despite how attractive cloud computing can sound as an outsourcing option, there's widespread concern that it presents a security and legal minefield for businesses and government.

But not all organizations have found they fret over contracts.

Lincoln Cannon, director of Web systems at Merit Medical Systems, said the manufacturer has taken a few steps into cloud computing with Google Apps and Telania's eLeap for sales training, as well as Amazon for development work related to a new corporate Web site.

The providers' boilerplate legal agreements were given to the legal department, which redlined them and went back and forth until both partners were satisfied, Cannon said. "The legal team was perfectly happy with Google Apps," he said. The most concern over cloud computing probably came from the CIO because of his data-protection responsibilities related to Sarbanes-Oxley regulations, Cannon said.

Not all cloud service providers harp on secrecy, either.

Cloud infrastructure services provider ReliaCloud has two data centers in the Minneapolis/St. Paul area, and has about 100 cloud customers using its new VMware-based environment built on a management platform designed by Cloud.com, said CTO Jason Baker.

However, most of the hosting provider's 5,000 customers continue to use the more traditional method the firm offers that entails use of dedicated servers in cages, Baker said. The idea of cloud computing is still very new and customers are still trying to understand what's different. But Baker said he's convinced a shared-tenant virtual-machine-based cloud service carries some inherent security attributes in terms of high availability that can't be matched by dedicated servers.

"It's more reliable," he said. "If your application is running on one physical box, the customer would experience downtime. But in a cloud, we have a pool of virtual machines, and if one physical node goes down, we would automatically start somewhere else in the cloud." In addition, he said, use of some APIs in the future could allow customers' applications to sense when an increase in computing power is needed and execute that at once.

Unlike some cloud providers, Baker will willingly tell you about security defenses in use, such as the Cisco ASA firewall.

The question for customers is how far the public cloud providers are going to pull back the kimono, said HP's chief security strategist Chris Whitener. "You should sort of insist on that," he said.

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.