Privacy of Data in the Cloud
Retail customers often need to handle peak hour traffic on only certain days of the year - sometimes only once a year. It is not economical for businesses to spend large amounts of capital on infrastructure in terms of hardware and licenses to handle this extremely rare demand peak. At the same time, in this era of extreme competition, not many businesses would dare to have unhappy customers, especially when it matters - like for example, a week before Christmas.
The elasticity that Cloud Computing offers is just 'what the doctor ordered'. One can just call up the cloud service provider, a week before the anticipated peak, and ask that the necessary resources needed to handle the peak be put in place.Cloud service providers also will need to be able to provide the necessary elasticity to business consumers without prior notification. Architecting solutions to automatically handle unknown surges in demand is challenging even today where architecting for scale-up and scale-out are common considerations. However, virtualization technologies, affordable blade servers with terabytes of main memory backed up by cheaper and larger hard-disks, multi-core processors looking for work to do - all provide the necessary technology support to service demands that are unique to cloud computing.
The biggest fear that companies have when thinking about operating out of the cloud - is with regard to the privacy of their data. Companies want to have control of their data. Over the years, as PCs got faster and less expensive, tasks were moved from the mainframe realm to the PC realm, because it gave a feel of things being under your control. Though the movement was slow initially, it picked up speed over the years and has now resulted in a lot of software running on desktop machines and server machines in-house. As more and more critical data resided on desktop machines, installation and execution of anti-virus software solutions provided that much needed confidence about data and applications being secure on the machines. With data out on the cloud, there needs to be something similar in place for customers to feel secure about solutions hosting their data.
Data security being one of the major hindrances towards leveraging the benefits of moving to the cloud, there is enough thought being put into how customers can be assuaged of such fears. According to Bret Hartman, CTO of RSA, the company is working on a SaaS based solution which provides a dashboard that allows enterprises to see how cloud service providers secure their data. Enterprises should be able to see that the sensitive content deployed by the provider is being protected and can also be used as an audit input.
Solutions that cloud service providers adopt have to be architected and implemented to protect data. To achieve data security, solutions need to achieve clear partitioning in storage, servers and network -achieved through use of virtualization technologies and management tools to monitor separation. There is a move towards getting vendors (whose solutions are commonly used in cloud computing solutions) on board to integrate and build security right into the cloud computing infrastructure. Virtualization solution providers, for example, need to think even harder towards what could possibly compromise data security when used as part of a cloud computing solution and plug those gaps. There seems a collaborative effort towards achieving such goals with RSA for example working with Cisco and VMware.
In addition, to provide potential cloud customers the necessary confidence, companies like McAfee will partner with leading Certification delivery vendors (KPMG for example) to provide Certification services tailored for SaaS and Cloud vendors. The certification services, which are provided on an annual basis, will include existing security controls, processes and certifications, as well as future Cloud security standards. In addition, there will be automatic and daily security audit and remediation of vulnerabilities. Cloud service providers who pass the daily scan and other checks will receive a `McAfee Secure' Trustmark which could serve as a certification of their strong security facilities.
The fear of data security as the one of the major hindrances towards cloud computing has indeed set off a scramble for solutions. It is interesting that the focus is not just at look at technical solutions, but there is intense innovation coming in from the process and standards side too. What is required is the hardening of the virtual environment, having access controls in place (so that consumers can determine control rather than providers), having strong authentication, strong interoperability and world-class standards in security. It is heartening that companies are working together in a cooperative mode towards a common purpose - that is to get more and more businesses to trust and embrace cloud computing solutions.