Monitoring the cloud can be tedious but ultimately essential

25 septembre 2012

The green shoots of economic recovery may have just started poking their heads above the irradiated soil of the financial downturn, but the cloud continues to float serenely along.

Companies are embracing the cloud at such a rate that industry analysts confidently predict that, within four years, 50 percent of small-to-medium businesses will be using it as their primary means of ensuring data protection and increased storage capacity. Cloud evangelists call it revolutionary, a self-sustaining economic model of effective delivery services, but, according to some major technology companies, monitoring everything that happens in the cloud could become tedious.

At a recent conference on cloud data security, there were worried mumblings among attendees that the poster-child of cost-effective data transfer and storage may be open to some criticism. Issues of reliability and integration with existing IT services bubbled beneath the surface, while the ever-present discussions about secure cloud computing ensured that the naysayers could claim to have a point.

Trying hard not to burst the bubble
Writing for Cloudtweaks.com, Carlene Masker described herself as a "technology enthusiast." Her major concern was security, and she believes that nearly half of all cloud-based services have either suffered a severe web security breach or are expecting one to happen in the near future. Experiencing a breach is one thing, but anticipating one is another matter entirely, a situation that should set alarm bells ringing among companies that are still sitting on the cloud-deployment fence.

"Though the security risks pertaining to cloud-based services are yet to be documented, it is wise for businesses to be aware of the impending security breaches that the cloud-based models are prone to," wrote Masker. "Some of the well-known security risks that cloud-based models bring about are long-term viability, data segregation & location, data recovery, regulatory compliance, and privileged user access."

Companies like Amazon could claim that feeding on the fear of a prospective cloud adopter is counter-productive, bearing in mind that the security infrastructure continues to develop and improve at an increasing rate, but it seems that security is the prime concern of business users. Four different types of cloud deployment models currently exist (public, community, hybrid and private) and, for the rookie, each can have its own challenges and concerns. Masker warns that not all cloud-service providers are the same, each adopting their own level of governance and ability to react to any potential cloud data security breach.

Managing and evaluating risk
Her cautionary stance in jumping into the cloud is born out by a recently released whitepaper entitled "Enterprise Risk Management for Cloud Computing." Produced by Crowe Horwath L.L.P, it set out a series of best practices that businesses need to be aware of, and objectives to follow before they make the decision to become cloud-based.

The authors of the paper advise that adopting a formal risk evaluation before signing up may be a prudent move, as is establishing levels of cloud governance and ensuring that internal IT skills and abilities are up to the task of understanding the risks inherent in the cloud.

"Unfortunately, sometimes people take all the easy steps," said Warren Chan, principal at Crowe Horwath and one of the paper's authors. "Sometimes the benefits look very good, so they only look at the upside rather than the downside. What's happening is people are not doing an end-to-end evaluation of at least the critical points. There could be legal risks, business interruption exposures or other business risks, and once companies engage a third-party provider, many times their risks expand."

-McAfee Cloud Security