Beyond The Cloud Hype Is Risk

19th Oct 2011

All I hear these days is ‘The Cloud’ this and the ‘Cloud’ that. All the arguments about ‘savings’ and ‘ease of use’. It is a fact that they are all there. Somewhere. However, there is a darker side to it all that is easily lost in the hype and ‘must have’ business case pressures.

See Microsoft’s Cloud Danger. We have seen big players losing data and experiencing significant outages which, whilst not bringing their business to its knees, could easily bring yours down.

When you really pin a ‘cloud sayer’ down with the question “What does your cloud concept look like?” they really don’t have a clue. They just know that to be on trend you need a “Blackberry” or an “iPhone” attached to the “Cloud”. That may be an oversimplification, but the reality is not far off.

It is a salesman’s dream; punters want ‘IT’ but they don’t know what ‘IT’ is! So let’s sell them what they want! Easy! What do you know? Everyone is pushing cloud solutions and services and telling us that we need them. But do we? And if we do, what does ‘My Cloud’ look like?

Gartner has produced some useful guidelines that help focus the mind on what 'Cloud' should be governed by (Gartner Guidelines):

1. Privileged user access. Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the "physical, logical and personnel controls" IT shops exert over in-house programs. Get as much information as you can about the people who manage your data. "Ask providers to supply specific information on the hiring and oversight of privileged administrators, and the controls over their access," Gartner says.

2. Regulatory compliance. Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider. Traditional service providers are subjected to external audits and security certifications. Cloud computing providers who refuse to undergo this scrutiny are "signaling that customers can only use them for the most trivial functions," according to Gartner.

3. Data location. When you use the cloud, you probably won't know exactly where your data is hosted. In fact, you might not even know what country it will be stored in. Ask providers if they will commit to storing and processing data in specific jurisdictions, and whether they will make a contractual commitment to obey local privacy requirements on behalf of their customers, Gartner advises.

4. Data segregation. Data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isn't a cure-all. "Find out what is done to segregate data at rest," Gartner advises. The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists. "Encryption accidents can make data totally unusable, and even normal encryption can complicate availability," Gartner says.

5. Recovery. Even if you don't know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster. "Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure," Gartner says. Ask your provider if it has "the ability to do a complete restoration, and how long it will take."

6. Investigative support. Investigating inappropriate or illegal activity may be impossible in cloud computing, Gartner warns. "Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centers. If you cannot get a contractual commitment to support specific forms of investigation, along with evidence that the vendor has already successfully supported such activities, then your only safe assumption is that investigation and discovery requests will be impossible."

7. Long-term viability. Ideally, your cloud computing provider will never go broke or get acquired and swallowed up by a larger company. But you must be sure your data will remain available even after such an event. "Ask potential providers how you would get your data back and if it would be in a format that you could import into a replacement application," Gartner says.

In the light of this, does the shape of ‘My Cloud’ change? In the face of a generation that exposes its whole life to one and all on social networking and other collectives, it sends a shiver down my spine to think how corporate data could be viewed and abused quite innocently in this free-for-all world, let alone taking into consideration best practice considerations for business risk.

Is this a Luddite view? Not at all. We are investing in ‘Our Cloud’ by taking control and ensuring that we always have the security and control to both protect and share our data how we want, when we want and with whom we want, never running the risk that some third party will lose it or, through disaster or bankruptcy, prevent us from getting to it when we want.

To do it properly takes time, consideration, planning and, yes, money. It is definitely not to be done on the cheap.
