22 August 2011 16:35:22
Security seems to be the biggest concern for organizations when considering switching to cloud computing. No proof has been found to suggest the cloud is more susceptible to data breaches, but because of it's relatively short time on the market, businesses still see the cloud as a greater liability than traditional IT systems.
However, as the market continues to expand, experts believe the security practices of the provider, internal IT departments and regulatory entities will improve, while the cloud itself will continue to advance in size and scope. This might not take so long, as the International Data Corporation estimates the cloud to grow from a $3.8 billion industry, with 600,000 units in 2010, to over $6.4 billion and more than 1.3 million units by 2014.
InformationWeek recently published an article that suggests encryption is the key to proper cloud security management. According to the source, different cloud providers will offer varying forms of encryption, while companies, especially those with higher security requirements, must initiate the measures themselves.
While the U.S. government is tasked with regulating operations within its borders, the website cites how, as a result of the Patriot Act, agencies are legally allowed to access the data of any U.S. based business, even if the storage center is not in the U.S.
The article asserts that government data checking can potentially compromise sensitive data, as there is rarely a strict security contract between the business and the regulatory entity. Thus, the source states that data can be exposed as a result of a simple error on behalf of the government or other entity when conducting a test or examining the systems. To prevent this, the website recommends consistently encrypting data internally, and not leaving the security practices entirely in the hands of the provider.
Encrypting internally, and updating regularly, solves the major problem of the cloud provider and government having full access to data. According to the source, the government does not need a subpoena to request a business' data from a cloud provider, so the cloud provider will be required to disclose any information at the predication of the government. Strong internal security practices may help businesses avoid problems that could arise from this exchange of data.
One reason security concerns are the most talked about among businesses considering the cloud may be the amount of data breaches in recent years. According to the Identity Theft Resource Center, businesses lost more than 3.5 million sensitive records to exposure, and the government more than 5 million, since January 1.
-McAfee Cloud Security