Adoption of Cloud Computing
Pie in the Sky?
Businesses across the globe will continue to increasingly rely on computer networks and online or wireless network interactions for conducting business as well as for storing sensitive data. When it comes to the data storage, forecasters are increasingly pointing to cloud computing – using the Internet to connect to remote servers shared by users to store data – as the future industry standard. While the technology offers the advantages of other outsourcing measures, it also brings with it new forms of security threats and concerns that might dissuade governments and businesses from immediately moving their data offsite and into the clouds.
-
Expert 1: Information technology security expert in New Zealand
“At the moment the name of the game is cloud computing. It is a big unknown monster. The question is how to protect intellectual property in a cloud, how to be confident something is secure…There is no practical solution how to do it. Everything is extremely and rapidly changing. I can’t say the technology will become standard.”
-
Expert 2: President and founder of leading U.S. network security company
“Financially and managerially [cloud computing] makes some sense, but it is putting all your eggs in one basket – all your eggs are in a basket you can’t see and you can’t control. Now imagine the benefit to an attacker. Now we can attack one machine, one whole system in the cloud and get 50 companies in one site. You’re going to get more of these attacks. For the attacker it will be like one-stop shopping…I've told clients to test cloud computing for now. I've instructed them to use it more as a public disaster recovery resource (extra storage, backing up data, hosting non-critical web and application services). I wouldn't have them move their entire business onto it just yet (if ever).”
-
Expert 3: Cyber security advisor to the Malaysian Ministry of Telecommunications
“The threats to cloud security are the same set of threats facing current web applications and software. The added complexity of having to provide access to the cloud from everywhere is going to be the main issue where security problems crop up. It isn't a flaw within the technology but within the implementation. The same is true in today’s web 2.0 applications. How you authenticate is one thing; how you keep authentication information synchronized is another [i.e. providing access to the cloud via your desktop, your cell phone, a web 2.0 application, etc.].”
-
Expert 4: Director of cyber security practice at a major U.S. technology firm
“The maturity of clouds isn’t that important if you’re not talking about government restricted information. The information used on the Internet is mostly for communications, so it can be shared. But when can governments or companies be sure their data is protected? There is a lot of research to go into protecting clients, separating their data in case one area of the cloud is infiltrated so they can be sure their data is secure while still allowing the benefits of shared computing.”
Expert 5: Network security consultant and security management expert in the United States
“If I were to think really creatively, I think we would want to see technologies that are better at data-centric security. It is so hard to secure every path in and every path out of a network, so maybe if we focus on critical pieces of data, then maybe we’ll have a chance. Something that tracks sensitive data as it travels through the environment, assigns risk to it, controls who has access to it and how it is flowing in and out of the organization. I think a set of tools that ties security controls to data in an enterprise rather than focusing on purely on protecting the perimeter and what goes in, that’d be good.”
Insights from the Ergo Network
Ergo asked four security experts to comment on whether they believe cloud computing really is the future of data storage or if its adoption will be too severely hindered by security concerns to become the industry standard.
Ergo's House View
There is some disagreement among our experts over the level of threat cloud computing presents to potential users. It is clear, however, that government agencies and businesses with sensitive data will most likely not be the early adopters of cloud computing technology; it will be some time before the security measures are sufficient to persuade them to rely heavily on the technology. While many SMEs might venture into the still relatively uncharted waters of cloud computing, cases of data loss or theft could scare off more hesitant organizations until security solutions are developed.
Security breaches from cloud computing in its relatively nascent state would not come as a surprise, and might in fact spur more serious efforts to strengthen defense mechanisms. Those efforts are already underway, but the race is on to develop security measures that would allow the technology to have wider appeal among all potential service users. In the meantime, companies must fully understand the risks of accessing sensitive data from an unsecure location or country, as well as the capabilities of adversaries, so they can make informed decisions on using cloud computing effectively and securely.
Ergo recently conducted a study of critical infrastructure security efforts, including an analysis of cyber security spending, in 35 developing countries. We determined that as much as $12 billion will be spent on cyber security in these countries in the next five years. When one considers the markedly higher cyber security spending expected in developed economies in North America, Western Europe, and the Asia Pacific region, the spending forecasts grow exponentially.