Wednesday, July 29, 2009

Cloud security depends on the human element

In a recent survey on cloud computing of 300 corporations worldwide by Information Technology Intelligence Corporation, 38 percent of respondents said that they are unsure about adopting cloud services, and another 47 percent said they are not considering the cloud over the next 12 months. The main reason cited for not using cloud services was security.

Though I am not sure that the numbers are indicative of the entire IT industry, I do agree that security is a concern. And of course, there are a few options that can reduce the security risk, including, in some combination, encryption, VPN, building an ExtraNet, SSL, and HTTPS, depending on the vendor and the type of data you are sending through the cloud. ITIC says 83 percent of survey respondents said they would require "specific guarantees" of the safety of their mission-critical data, and 62 percent would want multiple access paths. These safeguards wouldn't be out of the ordinary. And to make sure all possible protections are in place and satisfactory, a company needs to move slowly when adopting the cloud. A great place to start might be e-mail or CRM data.

Ralph DeFrangesco who teaches security at Drexel University in Philadelphia, Pa. and is currently teaching Disaster Recovery and Business Continuity says, "Putting security aside for a moment, I feel that the cloud offers an excellent recovery option. Think about it: If something were to happen to your facility and you needed to relocate, you could still access your data with just a connection and no recovery effort. This benefit might be the one to convince IT folks who are not ready to place their trust in cloud providers for daily operations. The threat of one type or another of disaster is always present, but keep in mind, as Carl Weinschenk recently wrote, that we are in hurricane season."

The reality is that security is a concern whether you are using the cloud or not. If your company decides that it makes sense to adopt the technology, then put the solution in place along with the proper security measures.

A report published on suggests that instead of new technology the problem was with us – the people – as in us humans. The study suggests that we need more educated smart folks to thwart those evil hackers and prevent attacks.

Andras Robert Szakal in Cloud security depends on the human element says "many of the poorly constructed services, SOA, Cloud or otherwise are the result of poor design and a lack of architectural skill. The challenge here is that high value architects are difficult to grow and often more difficult to retain". He adds, "The fact is that most organizations have created an artificial barrier between IT professionals and business professionals. The line of business professionals, management and executives are more valued than the techies running the IT shop. Some headway has been made in the integration between IT and the business. But for the most part they still exist as separate entities. No wonder the cyber report suggests that prospective high valued cyber security specialists and architects don’t see a future in a cyber security career".

He offers some ideas to address the challenge:

First, ensure these folks have architectural as well as cyber security skills. This will allow them to think in the context of the business and find opportunity to move from IT to a line of business position as their careers grow. Ultimately, the IT teams must be integrated into the business itself. As the report suggests it’s necessary to establish a career path for technologies but more importantly technical career paths must be integrated into the overall career framework of the business.

Is your organization using the cloud? If so, let me know what you are using it for. If not, why not?

Reblog this post [with Zemanta]