This series on data security is commissioned by IBM. Read more about building a smarter planet on the IBM A Smarter Planet Blog.
Photo: rsvstks via Flickr
Traditionally, IT administrators could store and protect data in-house on the company’s servers, controlling where things are, who has access and what safeguards are in place.
What happens when other companies are in charge of protecting that data?Businesses are finding out as they look to cloud computing to cut costs and access cutting-edge applications without having to invest in additional hardware and software.
Here’s how cloud computing works: Companies rent space on someone else’s network for their applications, data and services, paying as they go only for the compute capacity they need. The company that owns the cloud is responsible for everything on it, although companies are encouraged to secure applications before putting them on the cloud. Amazon is no longer the only game in town for cloud computing – companies like Microsoft, Google, Salesforce.com, Rackspace and others also offer similar infrastructure.
From the beginning, IT administrators have been leery of the security implications cloud computing presents, and with good reason. Proprietary business data is the crown jewel of any organisation, and giving up control of it to someone else is not a concept to be taken lightly.
The multi-tenant nature of cloud computing, in which many organisations’ data could be stored on one piece of hardware in a network, also presents a security risk. Even if an organisation secures its own data before putting it on the cloud, there’s no guarantee that another organisation with data on the same server has. In that way, a company could pay the price for someone else’s security problem.
Research reflects a continued wariness on the part of businesses to jump into cloud-computing feet first. Even though spending on revenue from cloud computing services is expected to grow from $68.3 billion in 2010 to $148.8 billion in 2014, according to research by Gartner, many IT professionals still think the risks outweigh the benefits.
The issue isn’t black and white: there is a belief in the industry that the distributed nature of the cloud computing architecture could actually improve the security of data. The thinking here is that if a company’s mission-critical data is stored in multiple places rather than one place, a loss that could occur from a malicious incident is less than it would be if someone accessed a centralized data store.
Data-breach research also shows that network intrusion, while a threat, actually comprises a low percentage of overall breaches that occur. According to Microsoft’s latest annual Security Intelligence Report, the largest single category of data-breach incidents in the first half of 2010 involved stolen equipment. Moreover, the vendor found that malicious incidents – such as hacking or malware — accounted for less than half as many breaches as pure negligence on the part of a business itself, such as improperly disposing of data.
It’s common sense: publicly traded companies like Amazon and Microsoft can’t slack off on the security of their cloud-computing infrastructures. Not only would it be humiliating to suffer a major data breach of information stored on their clouds, it could cost them a lot of money to repair the damage and send their stock price plummeting. Until cloud computing proves itself security wise, companies should continue to experiment on a case-by-case basis before handing everything over to someone else.