Staying Safe when you Open the Door to the Cloud

Every day, it seems, I open the paper and there’s a big splash about a security breach. If you’ve ever bought anything online, played a games console, or used an online bank, your data is under attack. Several big companies (whose names you already know) have lost sensitive customer data, and damaged their reputations as a result. Recently, a hacking group published a phone number to take requests for companies they should target next. Every business has to be vigilant, and security must be a top priority for customer data.

So it’s no wonder that popular wisdom tells us that companies often shy away from cloud computing because they’re worried about security. What’s telling here, however, is not that people say the cloud is less secure so much as that they’re worried it might be. After all, if all your data is in a big building you own, and you’re holding the keys, it feels secure. With cloud computing, you might not know where your data is held, or who else is hosting applications on the same hardware, so it might feel less secure. That can be an illusion, though. If I had a million pounds, I’d rather it was kept in a bank than in a locked box in my bedroom, and cloud service providers can only survive by demonstrably offering the highest standards of security.

But I would urge anyone with an eye on the cloud to remember that there’s a lot of work taking place now to strengthen the security of cloud computing architectures. I recently attended the Day in the Cloud event in Belgium, where I saw a demonstration of trusted compute pools run by VMware and HyTrust, and enabled by Intel Trusted Execution Technology (TXT). A trusted compute pool enables organisations to have confidence that their software stack is running securely by creating a set of servers which is capable of carrying out a trusted boot process at the hardware layer. This kind of technology makes it possible to use the cloud while keeping confidence that you have absolute control over your IT resources. There will be more solutions to come, too.

One way you can increase the security of your cloud deployment is to use proven best practices, and these are now being documented and published. Intel Cloud Builders has published a free reference architecture to enhance cloud security, based on real IT experiences. It shows you how to create a secure cloud infrastructure with VMware vSphere, Intel Xeon processor-based platforms and a HyTrust Appliance, and the guidelines are available to freely download and use.

As the prominent coverage of data breaches in the press, blogs and forums shows, people care about security. A lot. They trust companies with their data, and expect them to look after it. But security concerns need not stop you adopting the cloud, though: the tools and guidelines are there for a secure deployment.

What are your thoughts? Is security really holding you back from investing in the cloud? Has it been challenging to achieve high security standards in your existing cloud deployment? I’d love to read your comments below.