There was an article quite recently in the Sydney Morning Herald which asked the question “Is Cloud Computing Secure?“. As the article points out, getting a consistent definition as to what comprises security in the cloud is one of the biggest problems in suitably answering the question raised. In fact, the article points out the shortfalls and the strengths of the cloud, but stops short of actually coming to a conclusion as to whether the cloud is secure.
A large reason for the open ended debate is that the Open Data Centre Alliance (ADCA) – a committee of like minded individuals from around the world looking to define cloud computing – are yet to reach agreement on the criteria which defines security within the cloud. And they have been debating it for over a year. Whilst we are confident they will reach agreement, progress needs to be made in the interim, as this progress will help create a standardised definition.
At Harbour IT however, we believe that cloud can be used in some form for all organisations. It does not have to be the “silver bullet” offering that will solve all IT issues. You can take a planned or staged approach that will alleviate some of the concerns around security or protection of data. Most organisations can use the cloud to at least host basic functions such as email, web servers or extend existing capabilities to include backup and disaster recovery services into the cloud.
Existing cloud Vendors, such Cisco, VMware and NetApp have developed standard design architectures that enable organisations to design and deploy secure, reliable and redundant cloud virtualized environments.
Moving forward, reaching agreement on what constitutes ‘compliance’ will require two-way dialogue with clients and other industry providers to ensure that consensus is reached. Should there be failure to understand what the market sees as security or failure to actually convey what it is that the industry can provide and what it means to the end user means there will always be a divide. If this can be corrected, and if Cloud providers can show their willingness to comply, and if clients can realise that there is an obligation to work together with the industry to develop a standard definition, then the question as to whether the cloud is secure, can and will be, easily measured.