Estimated reading time: 2 mins
Cloud Computing, where the architecture of your technology estate is based upon the integration of third-party technologies and services, is gaining momentum in the industry.
It’s a natural extension of outsourcing where an organization uses technology within it’s own physical boundary (i.e. its data-center) but the technology is owned and operated by the vendor. The reason why organization’s take this up is because they believe that it has economical benefits, and the reason for this is that the technology is ‘metered’, i.e. used on-demand. It also means your organization doesn’t have to hold assets and worry about capital. You just pay for what you use. It’s also based around the service catalog so it integrates with the philosophy of ITIL too. Cool.
Maybe not-so-cool. One of the big downside is data-protection. With this model, it’s really tough to keep control of your data. Not only is this a risk from the perspective that third-parties can access it and potentially use for reasons outside of your knowledge and control, it does create a headache with regulation. Currently, protection is on contractual grounds. But is this enough? Security standards haven’t kept up with this trend and in my experience, they are woefully out of date.
So the question is if you can really afford the cloud if you can’t prevent unauthorized access to your data – which will be far more expensive to your business in terms of regulatory breach or reputational damage in the long-run. The panacea is to separate the application and technology from the data.
There are vendors who have clocked this and are developing products to capture the market against the conceptual solution. One vendor is Vormetric who offer a product suite that secures the data separately from the security of data access. The principle is that your cloud-computing partners can supply and manage the application yet the data is secured and encrypted so that only your employees can use it. Now this is cool.
But it won’t just be about encrypting data thank-you-very-much. I expect IT organizations will have to take a serious look at their software methodologies and development life-cycle to ensure the concept beds in. It needs to be principle-based and considered at the start of a development, not bolted onto the end. The Vormetric product, however, does allow you to leverage off existing applications and infrastructure.
The other issue with cloud computing is with version control. Well, version control if implicit in its model but it is all or nothing. You can’t give some people one version of a service and others a different version easily, or at least meet cloud computing’s economic objectives. However one benefit is that security patches are deployed to everyone once in this model. You shouldn’t find rogue PCs with insecure versions of software lying around, undiscovered.