Rants
Questions
Soapbox
Best Practices
NEWSLETTERS
SUBSCRIBE TO CIO
Are you involved in setting the direction for your company's IT budget or strategy?
Apply today for a FREE subscription to CIO Magazine!
Thu, Oct 23, 2008 14:40 EDT
Cloud Computing Requires Changing Your Mindset on Security
|
Posted by: C.G. Lynch in Rants Topic: ApplicationsBlog: Web 2.0 Advisor
Current Rating: |
If I had to do it over again, I would have inserted a few snarky questions into our cloud computing survey that came out this week. They would have been added around the section about security, seeing as security concerns topped the worries IT pros and leaders had over cloud computing.
Here's a couple of questions:
Do you have a personal account with Amazon where you enter in your credit card information?
Has your business done Web advertising through Google?
It's funny that I can't remember the last major data breach either of those companies have had as a trusted vendor in the consumer space. So tell me, why would they fail to extend the same security policies to enterprise data if you entrusted it to them? Would that be good business for them?
If the economy weren't tanking, I'd say this rhetorical notion that cloud computing is somehow vastly less safe than traditional on-premise environment would continue to hold, encouraged by consultants and vendors who have a stake in making sure you overpay for applications and maintenance on utilitarian systems (such as e-mail) and call it "strategic investment with a trusted partner."
But as IDC (a sister company to CIO's publisher) points out, the huge cost savings that can be realized from moving to the cloud will be more than IT pros can ignore, or (I'd add) their increasingly more tech savvy CFOs and CEOs will let them ignore.
The reality is, worrying that Amazon or Google "isn't secure" doesn't mean they're not secure: It either means you don't want them to be secure because you're used to doing things a certain way, where you have a certain level of control, or you've just been heavily swayed by vendors that don't want to take the next step in computing. Worse, perhaps you're just worried what a shift to cloud computing might do for your job security.
Of course, IT vets (especially those on a high level) still have a bright future in a cloud computing world, so you shouldn't worry in that regard. But it will be a very different role, centering around managing vendor relationships or working on integration efforts (the latter, by the way, I think should have scored much higher in the "concerns about cloud computing" than security).
Some people might have found it surprisingly high that 58 percent of survey respondents said "cloud computing will cause a radical shift in information technology driving the next wave of innovation." I found the number surprisingly low -- an answer of "yes" to that question should have been near unanimous.
The Web has profoundly changed the way we consume information and now, with Software as a Service, the way we contribute and update information as well. As such, I have to believe the days are numbered for the alarming 42 percent who checked off "no." It was even more alarming that 30 percent said cloud computing wasn't on their technology road map at all.
There are legitimate worries about cloud computing. How will you get disparate applications run by vendors in different parts of the world to play nicely with one another? When will the functionalities of certain cloud-based applications catch up with the functions of on-premise apps (think: the difference between an Excel and a Google Apps Spreadsheet)?
Uptime is a concern. Google (as an example) has shown that outages can be a tremendous problem for customers, recently watching its Gmail go down for 30 hours, leaving workers and even CEOs without their email and documents.
But the ultimate question will be when are CIOs and IT
All Comments
Comments
Thu, Oct 23, 2008 21:06 EDT
Ever go to a restaurant and give the waiter your credit card?
Years ago, no one would ever punch in a credit card number on their phone or give one over the phone to someone.
Change is hard but good.
Cloud computing which really is just a new spin on an old solution, doesn't deserve to get 100% approval.
The hardest part about cloud computing is it is not available 100% anyplace on Earth.
Some countries you are lucky to get dial up lines, others you get Fiber.
Some cities have wi-fi, some airports don't.
Our offices have dead zones for phones, and wi-fi.
Driving along in the middle of America, any service? Not Likely 100% of the time.
Look beyond the US and face reality, cell phone (GSM) speed is a luxury in some countries and the best Internet access they have.
If a company goes Cloud Computing, then why do they need office space, taking this solution to an extreme? Usually it is because people need access to internal data, now you don't with this idea.
This would not likely help commercial real estate, although it would help the cable/DSL companies as people would be ponying up for the super fast capabilities.
You do not have flash or javascript support.
Fri, Jan 23, 2009 16:49 EST
There have been implicit comparisons made between credit card information and data integrity. I claim that this is an invalid comparison, and I'll explain why.
First, when someone steals your credit card, and uses it, you're usually insured (at least after something like 50 dollars). Second, even if you weren't insured, at least you get a nice report on what they spent, and you can quickly close the card and move on with no further damage.
A breach of data integrity, which is what you risk by using a public cloud, is quite different. First, you don't get a report in the mail telling you what data has been read, or even THAT data has been read. Second, in the case where it is not your data that is being put at risk (but instead, your customer's), any breach of that data will have a lasting effect on your image to the customer who owned it, and anyone that customer talks to. This is far more painful than calling your credit card company to cancel an account and challenge a few charges.
You do not have flash or javascript support.
Tue, Oct 28, 2008 12:43 EDT
Great article. Fortunately the market has become too educated to give much credit to the SaaS FUD spread by legacy vendors. Especially in this economy, we are seeing the the scarcity of the dollar changing opinions and attitudes about new technology like cloud computing and SaaS.
SaaS security is one myth that constantly needs to be busted. We've come up with about nine more SaaS myths that deserved to be debunked. Myths about SaaS integration, cost, customization, functionality, and more are all busted here: http://ww3.service-now.com/different/myths/
Rhett Glauser
Service-now.com
You do not have flash or javascript support.
Sat, Nov 1, 2008 7:06 EDT
Well stated, I think more cloud computing is coming fast. I am a believer. But what's missing?
If I give my credit card number to Amazon.com to buy a book, I have virtually zero risk, since my credit card company guarantees zero loss. If something goes wrong, I'm a phone call away from a credit to my account.
But if a company or government gives thousands of accounts to XYZ.com, there are 100s of additional questions.
Here are a few:
1) What contractually binding security protections are in place?
2) What background checks are run on staff?
3) Will the data be housed in China or other offshore location?
4) Even if I trust "the cloud," how can I verify what's happening?
Trusting "the cloud" requires legal and financial protections - just like I get with my credit card.
You do not have flash or javascript support.
Post new comment
About this Blog
Kristin Burnham chronicles what matters (and what doesn't) in the world of social networking, Web 2.0 and consumer applications.
Hot Conversations
So Long, SAP's Leo Apotheker, We Hardly Knew Ye
Posted by Thomas Wailgum in News | 4 comments
Ex-Microsofties Look Back in Anger
Posted by Shane ONeill in News | 4 comments
The Price of IT Outsourcing
Posted by Beth Bacheldor in Best Practices | 2 comments
The iPad and Netbooks: Comparing Them Is Stupid
Posted by Shane ONeill in News | 1 comments
Enterprise IT's Top Enemy: Its Own Arrogance
Posted by Thomas Wailgum in News | 10 comments
Start a Conversation
Got something to say? We want to hear it! Click the Post button to get started. GO»
EXPERT ADVICE
There's a lot of buzz about Windows 7 out there. Each month in our webcast series, listen to analysts and customers discuss how Windows 7 and the Windows Optimized Desktop is impacting large companies around the world. Learn how they evaluated Windows 7, including the cost of deployment, deployment strategies, and tangible benefits.
Sponsored by Microsoft
Listen to on-demand Recordings »
A Framework for Better Application Delivery
The complexity of application delivery is driven in part by the evolving applications environment. Instead of approaching application delivery from a siloed fashion, this handbook looks at end-to-end guidance and discusses the impact of ignoring the WAN, Web apps that are chatty, data center consolidation, SaaS, Web 2.0 and virtualization.
Sponsored by Riverbed
Read this White Paper »
Microsoft® Exchange 2010 includes archiving - but is it enough?
Microsoft® Exchange 2010 includes basic email archiving. But many organizations will find that it does not meet their requirements. This paper describes why organizations need to archive, what capabilities Exchange 2010 includes and why 3rd party archiving solutions will be necessary for most organizations.
Sponsored by Google, Inc.
Read this White Paper »
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
NEWSLETTER
FEATURED SPONSORS
SPONSORED LINKS
THE IDG NETWORK
© 1994 - 2010 CXO Media Inc.