Jumping into the Cloud, Sans Parachute
Given the expense to maintain a physical IT infrastructure, the thought of replacing server rooms and haphazardly configured appliances with cloud services is simply too hard for many companies to resist. But rushing into the cloud without a security strategy is a recipe for risk.
According to the survey, 43 percent of respondents are using cloud services such as software as a service or infrastructure as a service. Even more are investing in the virtualization technology that helps to enable cloud computing. Sixty-seven percent of respondents say they now use server, storage and other forms of IT asset virtualization. Among them, 48 percent actually believe their information security has improved, while 42 percent say their security is at about the same level. Only 10 percent say virtualization has created more security holes.
Fears about vendors dominate cloud security risks.
What is the greatest security risk to your cloud computing strategy?
Ability to enforce provider security policies: 23 per cent
Inadequate training and IT auditing: 22 per cent
Access control at provider site: 14 per cent
Ability to recover data: 12 per cent
Ability to audit provider: 11 per cent
Proximity of company data to someone else's: 10 per cent
Continued existence of provider: 4 per cent
Provider regulatory compliance: 4 per cent
Security may well have improved for some, but experts like Chris Hoff, director of cloud and virtualization solutions at Cisco Systems, believe that both consumers and providers need to ensure they understand the risks associated with the technical, operational and organizational changes these technologies bring to bear.
"When you look at how people think of virtualization and what it means, the definition of virtualization is either very narrow--that it's about server consolidation, virtualizing your applications and operating systems, and consolidating everything down to fewer physical boxes--or it's about any number of other elements: client-side desktops, storage, networks, security," he says. "Then you add to the confusion with the concept of cloud computing, which is being pushed by Microsoft and a number of smaller, emerging companies. You're left scratching your head wondering what this means to you as a company. How does it impact your infrastructure?"