The Patchwork Cloud - What's the Deal with Cloud Security?

Wednesday, March 14, 2012

Rafal Los

0a8cae998f9c51e3b3c0ccbaddf521aa

Depending on who you ask, cloud security is either one of the top concerns for enterprises, or it's not a serious concern at all. 

Since everything I've been reading from the press, my colleagues, and analysts I know has been telling me security is ranked high in the top 5 concerns for cloud computing adoption - this article on ARN by Spandas Lui was like a bucket of ice water to the face. 

I got that initial shock after reading it that forced me to take a minute and think.  This poses an interesting question - is cloud security a real concern amongst enterprises seeking to adopt cloud... or not?

The ARN article cites Andrew Milroy (Frost & Sullivan ICT research vice-president) as saying (paraphrasing) that there are bigger fish to fry than security in the cloud.  The article has some grammatical issues which make it a little difficult to completely follow, but I think I understand the tone in general... whether I agree or not is another matter.

So what's the deal?  Do enterprises really care that much about security?  This survey published by INTERXION recently says that "45% of European IT decision makers view security (and SLAs) as leading barriers to cloud adoption" - so that would stand to reason that those 45% feel that security is a concern.  All this contradicting market data/research can't be good for the mental health of cloud consumers.

Do consumers care about cloud security or don't they?  Is it a top priority?  I think this is one of those questions that lends itself largely to interpretation and the will of marketing folk, but that's just one rabbit's opinion. 

It's like me asking you if you care about the safety of your stuff... well of course you do, but it all depends on the context in which I ask.  If I ask if you care that question as you're attempting to make sure you have a roof over your head tomorrow - the answer may be different.  I don't think security is ever not a priority - it's just a matter of asking the right question.

A wise man once imparted to me (Hi Darrell) - "If the answer is no, you've asked the question wrong".  This is genius I've learned to live by.  Everything must have perspective and context. 

Does your company care about its brand reputation, its customer data, it's proprietary information and levels of business risk?  Of course it does.  Does your company care strictly speaking, about "security"?  Sometimes yes, and sometimes no - it depends on how you ask the question.

My point is this - don't listen to the analyst and marketing hype when it comes to cloud security.  It's a priority just like it's always been, or hasn't been.  Today more than ever security is critical to the survival and success of most any business. 

Do your executives believe security trumps cost-containment?  What about agility?  What about extensibility?  These are all a matter of perspective, and tend to be important to different companies at different times, for different reasons.

Alright, look, don't panic if you work in security and you read these press releases telling you that businesses moving to cloud don't care about security, fact is they do, they just may not understand it or know it in that context.

Cross-posted from Following the White Rabbit

Possibly Related Articles:
9276
Cloud Security
Service Provider
Cloud Security Enterprise Security Risk Management Cloud Computing Outsourcing Vendor Management Managed Services Data Center Service Level Agreement
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.