The last two years have seen a lot of buzz around Cloud
computing, with just about every software or services company announcing their
own Cloud based offerings. But there's still a lot of FUD (fear, uncertainty,
and doubt) in the minds of enterprise users about moving to the same, and not
without good reason. All of a sudden, your applications move from the confines
of your own data center into a public Cloud, which is shared by multiple users.
So on one hand, you no longer have to worry about managing the application or
its underlying hardware --all that becomes the service provider's headache. But
on the other hand, it also creates an uncomfortable feeling --what if the
service provider doesn't manage the systems properly? Or takes too long to patch
a critical vulnerability? What if somebody hacks into the public Cloud and
steals all your data? What if the service provider moves all your data in a
country whose laws are not enough to protect it? What happens to your data if
you're not happy with the services offered by the Cloud service provider, and
want to exit?
All of these are issues indeed, but I feel that they've
been over-hyped and are retarding the adoption of the Cloud. If you think about
it, most of these issues could also happen within your own IT infrastructure as
well. For instance, your own internal team could do goof-ups while managing your
applications and systems-maybe a senior person quits putting the burden of his
job onto juniors. That's bound to cause hiccups. Patch management remains a pain
for most organizations even today, and it becomes worse when you have a
heterogeneous IT infrastructure, spread across multiple geographies. This causes
delays in patching critical systems, which can sometimes lead to security
breaches. Speaking of data theft, every year, companies loose millions due to
security breaches, even though their IT infrastructure is within their own
control.
So it's unlikely that things will go from bad to worse by
moving your applications to the Cloud, unless of course you've chosen your Cloud
service provider without any prior assessment, expecting that the service
provider would take care of all your security problems. That would be like
leaving your precious belongings unattended in a public place, assuming that the
local security arrangements there would prevent anybody from stealing them. So
you obviously need to re-assess the security issues. If you were lean about
certain aspects of security when things were handled in house, and strict about
others, you may have to change that balance now.
Our cover story this time is a security special, in which
we've discussed the top 10 Cloud security threats. Plus, we've covered all other
aspects of security relevant for enterprises today.
Anil Chopra
Editoranilc@cybermedia.co.in