Articles and commentaries about cloud computing seem to popping with increased regularity as more and more people become exposed to “the cloud.” A common concern in discussions about cloud computing is the level of security possible. Over at Wired’s Cloudline Blog, Todd Nielsen has written three recent pieces about cloud computing. Today’s post, “The Truths, Untruths, and Fuzzy Truths of Cloud Security” is all about security concerns. Of particular interest to me was his exploration into whether traditional networks or cloud computing are more secure.
When examining the “fuzzy truth” that traditional networking is more secure than cloud computing, Nielsen points out that “[i]f you run a company that has a dedicated team of security experts that are monitoring your network 24/7/365 for all exploits and security risks, and this team can take instant steps to secure the network in case of problems, and you have a team that is constantly testing software and updating it to fix security holes, then sure, traditional computing can be more secure.” This kind of constant vigilance is beyond what many small to medium sized businesses (or arts organizations) can afford, which is why current data seems to support the idea that traditional networks are, as Nielsen explains, “easier to get into […] and these are the ones hackers are targeting.” Another concern for traditional networks brought up by Nielsen role of organizational insiders in security breaches.
On the other side is the argument that cloud computing is more secure than traditional network computing. Nielsen points out that “most reputable cloud companies have an elastic and automated infrastructure backed up by a team of security professionals [and] infrastructures are increasingly more complex.” Given their complexity, they are more difficult for hackers to penetrate. However, Nielsen also points out the two-fold “dark-side” of cloud computing. First, not all clouds are created equal and some of these lesser quality providers are besmirching the good name of others. While many cloud providers offer excellent security, Nielsen explains that some companies are “an IT solution provider who has installed some server in a data center and called it a cloud,” lacks expertise in security, and “[has] poor security measures in place.” Second, like in traditional networks, there is the issue of hacking. Nielsen observes that “when a public cloud solution provider is hacked, the effect is often more widely felt, or at least has the potential to be more widely felt.” In the end, despite the risks, organizations continue to transition to cloud computing because, as Nielsen explains “they recognize that the security they get in the cloud is greater than they can affordably provide themselves.”
As with any technology or software, organizations need to weigh the pros and cons of a particular solution and then, if they wish to implement it, need to carefully research providers and options. In terms of cloud computing and security, writes Nielsen, “[i]f you do not know what questions to ask, then you need to educate yourself, or hire an expert that does […] if you care enough to not make sure your data is safe and with a reputable company, then you will have to accept the responsibility that comes with that decision.” As with any decision, the organization is accountable for its choices. There are no perfect solutions for absolute security – online or off, in the cloud or not – but, as Nielsen concludes, “by educating ourselves on what cloud computing is, we gain a deeper understanding of its benefits and risks, empowering us to make wiser decisions and to develop a strategy that is right for our organizations.”
Read Nielsen's full post at http://www.wired.com/cloudline/2012/03/cloud-security/
-Adrienne
No comments:
Post a Comment