Cloud carries security risks, but biz benefits hard to ignore

Cost benefits make it tough for enterprises not to adopt cloud services in spite of the security risks, so they should embrace it by putting in place the necessary processes, say panelists at a discussion moderated by ZDNet blogger Eileen Yu.

Yes, the cloud carries many security risks but the cost benefits it offers makes too much business sense for any enterprise to ignore. 

That's the view shared by senior IT executives during a panel discussion Thursday hosted by ZDNet and held at the Cloud Expo Asia conference in Singapore. 

Read this

Cloud will never be fully secure, get over it

Increasing security breaches indicate that any data, once online, will never be completely safe from theft and malicious attacks, so enterprises and users may be better off focusing on risk mitigation.

Read More

"We just have to realize that we don't live in a perfect world, offline or online," quipped panelist Marcelo Wesseler, who is senior vice president of e-commerce at Singapore's postal service, SingPost. "So you have to protect yourself from harm." That means putting in place the necessary "locks" and processes to secure the company's data and network, and ensure employees know what needs to be done in the event of a security breach, he said. 

At SingPost, for instance, there are SOPs (standard operating procedures) in place to ensure that all online connections are shut down immediately in the event of an attack. In addition, staff are on high alert during "seasonal periods" when hackers tend to be more active such as Black Friday or Christmas when there are typically more online shopping activities. 

Wesseler's business unit recently migrated entirely to a cloud environment because the cost benefit of doing so was simply overwhelming. He added that the company's cloud vendor would probably do a better job hosting and securing the company's data than SingPost could since that is its core business. He noted, however, that sensitive information such as financial details are stored off the cloud to minimize any potential security risk. 

For fellow panelist Hammam Riza, executive CIO and director of ICT Center for Indonesia's Agency for the Assessment and Application of Technology, though, security concerns have held back wider adoption of cloud among government agencies in the country, especially since the public sector has to handle extremely sensitive data.

This is further exacerbated by the volume of cyberattacks targeted at the government, Hammam said, noting that Indonesia recorded more than 1.2 million cyberattacks in 2013 and the majority of these were aimed at the public sector.

Pointing to information related to homeland security and law enforcement, for instance, he said it was simply too risky to deploy cloud extensively. It does, however, do so in areas when there are strong reasons and benefits for doing so, such as enabling citizens to file their taxes online.

"Cloud is good for companies that cannot otherwise afford to deploy the service or application, so we should 'get over' the security concerns and instead put in place processes that can address these issues," Hammam said. "We look at three key things to secure our cloud deployment: how to secure the users and their digital identity, for instance, with two-factor authentication; ensuring that all content is secured; and ensuring that applications are also secured."

For companies that have deeper pockets, such as Sears Holdings, building their own data centers and private clouds will minimize security risks, said panelist Ankur Gupta, IT director of big data at Sears' MetaScale. The U.S. retail chain runs two data centers in Chicago and Michigan.

Show Comments