ODCA backs data security in cloud computing

July 12, 2012

As long as cloud computing has been a buzzword in the field of technology, cloud security has stood as a major adoption inhibitor for many organizations. After years of worry, the Open Data Center Alliance (ODCA) is telling the doubters to let cooler heads prevail and embrace the cloud, according to CloudPro UK.

Misconceptions rather than reality power the harsh feelings toward cloud computing data security, according to speakers at an OCDA event. Accidents attributed to the cloud often are not true cloud issues, vice president of infrastructure service at Capgemini, Marc Ramselaar, told CloudPro.

Ramselaar points to the example of a bank customer who loses data on the bank's secure website after accessing it from an unsecured smartphone.

"What is actually a security issue with the mobile phone is being perceived as something that has been enabled by the cloud," Ramselaar told CloudPro.

Cloud controls
While ODCA is not alone in its bullish outlook on cloud security, the technology still has its detractors. For instance, the tendency to outsource the service could require a greater level of monitoring and control, according to the U.S. Federal Financial Institutions Examination Council (FFIEC). Although the council still sees the benefits of using the services, they admit it requires due diligence and "robust" security controls

Taking the fact that most cloud technology is a service, providers may not feel compelled to put themselves on the line for someone else's data. The report echoes one of the ongoing debates about data security in cloud computing: Who is responsible? The provider or the institution using the service?

According to a study from the Ponemon institute, 75 percent of providers believe that their services did not adequately protect their customers' data. In addition, 69 percent thought that securing that data was not their responsibility.

Lack of transparency
Whatever the belief is, good protection of data in a cloud environment requires protection from both parties. Although it may not be clear who bears the responsibility, if important data falls into the wrong hands, it will ultimately come back on the company using the service. The issue puts an entirely different spin on concerns about data protection that are anything but new, as companies are asked to fully grasp the benefits of cloud security.

"[The risk of data loss] is not a new thing … ," Intel's director of cloud marketing, Raejeanne Skillern, told CloudPro. "The reality of security in the cloud is that it may not be a challenge, but the perception issue is."

-McAfee Cloud Security