Security pitfalls and concerns with public clouds

We continue our conversation with Vince Vasquez of Cloudbook.net.

Today he tells us about some of the challenges that come with the cloud, as well as some of the benefits.

Fed Cloud Blog: What’s the importance and relevance of having everyone on the same page when it comes to the cloud?

Vince Vasquez: At the consumer level, it doesn’t matter. If I’m a consumer running, say, Google’s gmail, I don’t really care what computers are being used.

That’s part of the beauty of cloud computing. It just simplifies the use of the application for the end user. You just log on and use gmail.

But, if you’re trying to implement cloud computing, then it’s extremely important because you need to know all the pieces required to build your cloud, and who are the players so you can create the most appropriate cloud implementation for your needs.

That’s why creating a place where all those experts and leaders can share their knowledge [means] you can educate yourself on — what is cloud computing? What does this person think? What does that person think?

Then, from that, you can make your own decisions of what are the most appropriate pieces for your own cloud.

FCB: Have you discovered any major pitfalls when it comes to the cloud or trying to move to the cloud, or even trying to gather information about the cloud?

VV: Well, there are definitely pitfalls.

For one — networks. If the network goes down, you’ve lost your cloud.

But, probably more realistically, the network can get bogged down, so you’re access to the cloud can get severely limited and we all know how frustrating it can be hitting a stroke on the keyboard and having to wait for a response.

Also, it is a shared environment, so the computer storage resources can get oversubscribed. So, again, your performance can degrade.

And then third, because it’s a shared environment, you’ve also given out your security control to the cloud provider. So that means, for instance, the provider could update all the software on the cloud and you could be quite happy with what you’re currently running.

Given that you’ve given up security control, that is another potential pitfall that you might want to have better control over.

FCB: Do you — with your personal experience aggregating all of this information — find that now the onus of security is even more on the IT manager than before in terms of operating within the cloud?

VV: Security is definitely the hottest cloud issue out there.

After all, your company’s data could be sitting out there on someone’s cloud and — what assurances do you have that you’re the only one that has access to that data?

Cloud providers do take security seriously.

One customer of mine has a security policy that’s almost 1,000 pages long. In addition, there are certifications . . . and audits that a provider includes in its stated policies.

[One can also] implement a lot of tools to beef up security, like intrusion detection that can spot if someone is trying to hack in the cloud from the outside.

Part of sharing content is to share what people are saying about what they’re doing in security — both in best practices and what applications and tools are out there to help beef up security; however, security is dependent on on architecture.

As we’ve seen with the Windows operating system that if the architecture is vulnerable, there are smart people out there who can find ways to break in.

Also, if you use a public cloud, the penalties for if someone breaks into your data are pretty minimal. Service Level Agreements tend to have penalties in line with paid usage.

So, if you’ve paid, say, $1,000 for cloud usage, but your company’s IT was stolen from the cloud that you feel is worth millions of dollars, you’ll be compensated more in line with the $1,000 you’ve paid rather than the millions the IT is worth.

It’s probably a bit early for companies to move their most private data to the public cloud, but there’s certainly a host of other applications they can move to the cloud now.

For enterprises that want to build private clouds within their own data centers, they can certainly move their most secure applications to those private clouds.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: