Cloud computing security: no more oxymoron?
It would seem that cloud computing has crossed the Rubicon. Until quite recently, the main objection to cloud computing cited by surveys and anecdotal evidence alike has been the issue of security. Where is my data, will it be secure against hackers and hardware failure and can I get it back again have all been highly pertinent and frequently asked questions. I think that's changing.
Cloud computing is of course, primarily about hosting your data somewhere other than your own premises. Yes, I know about private clouds but for the purposes of this discussion, I'm talking about public clouds. And rightly so, before doing that, companies ask the questions above, and more, in order to assure themselves that their single biggest and most precious asset isn't going to disappear on them. There's a couple of pieces of evidence which suggest that this is changing.
First among them is a poll of attendees at a conference of cloud users at an event held by analyst firm STL Partners [disclosure: I write analyst reports for STL]. The poll's results (more here) showed that the first objection to using cloud computing was not security in all its manifestations but internal resistance, and especially a fear of losing jobs.
Second is a survey by technology reseller Insight of 80 CIOs which also showed that security no longer prevented companies using cloud-based services. They also cared about yes, jobs, but also about asset utilisation - ie whether they were getting the best from their existing technologies. Caveat: Insight has a reason for asking the questions it does, and it's unarguably true that the questions you ask determine the answers you get, yet I sense there's some substance there.
What does all this add up to? Maybe not a hill of beans but perhaps a mound. One interpretation is not so much that cloud computing services providers are getting better at security but that their failings (which are common to almost all IT projects and installations) are being discounted.
In other words, it's not that security is any less important. It's just that people have adjusted their expectations in the light of reality and highly publicised breaches and failures, and no longer expect cloud computing to be better at security and reliability than the stuff they already have, they just expect it to be cheaper.
How will this develop? Experience teaches us that if you build a honeypot, hackers will come. And cloud computing services providers are building huge honeypots which they will have to defend so security issues may not get any easier. Reliability on the other hand should improve as the technology becomes more robust and process standards adherence improves.
Is that how you see it? Or will cloud actually improve data security?