Raj Samani (Europe) - The Cloud Computing Conundrum

Do you keep your money under the mattress? I remember the conversation clearly, sitting in a small café next to Paddington station, and a good friend said their distrust of the Cloud lay with handing over your data to a third party, where "You don't know what they are going to do with it". My response was to question why they automatically trust third parties with physical assets, like money, but there was an automatic distrust in the logical world.

Okay, I may be a little biased in my views of Cloud computing. Any technology that can potentially provide greater efficiency and cost savings I feel should be on the agenda of every organization. Moreover, for researchers in any discipline requiring computing resources, the public cloud provides a cheap and flexible alternative to internally acquiring processing power.

There does, however, appear to be a level of reluctance for wide-scale global adoption of cloud computing. According to a recent survey, the key obstacle is 'Security'. However, I have to ask the question: is this entirely accurate? I mean, SaaS, IaaS, and PaaS providers invest significantly in security; after all, any significant disclosure of customer data could well impact the bottom line of the Cloud Service Provider (CSP). Perhaps more accurate is the need for transparency. After all, if you want to assess security controls for an internal data centre, then you simply need to visit the data centre and show your employee identification (and obviously demonstrate need to know).

For Cloud Service Providers, allowing customers physical access to review their data centers may be impossible to support. In 2008 Eric Zeman from InformationWeek reported the figure of 10 million Google Apps users. Having the resources to escort 10 million customers is obviously unsustainable, let alone a reception area to support them.

So I guess this is where the conundrum lies: whilst you may not exercise the right to audit, many organizations will at least want the option. Other issues also exist with Cloud computing, none more relevant than the regulatory obligations affecting the customer; after all, you may simply not be allowed to use a CSP because the data may be stored in a different country.

So where to now? We have a technology that could save time and money for the customer, but lack of transparency makes this unpalatable to many organizations. The recent report by the Burton Group entitled 'Determining Criteria for Cloud Security Assessment: It's More than a Checklist' sums up the future better than I ever could: "Help is on the way from industry standards groups". Although these are early days, frameworks from the Cloud Security Alliance, Common Assurance Maturity Model (CAMM), European Network and Information Security Agency (ENISA), National Institute of Standards and Technology (NIST) and Financial services BITS consortium shared assessments group represent a viable future for Cloud computing, and we as customers should demand that Service providers support these frameworks.

After all, it is in everybody's interest.

Raj Samani is the EMEA Chief Technology Officer for McAfee, founder of the Common Assurance Maturity Model and EMEA Strategy Advisor for the Cloud Security Alliance. You can find Raj on Twitter: @raj_samani

