Cloud computing has become one of the most popular – and disruptive – technologies to emerge in recent years. But even as the cloud continues its rapid ascent, concerns over its data protection and privacy implications have risen seemingly in step.
Research firm Gartner recently predicted that worldwide IT spending would reach $2.7 trillion next year, a 3.9 percent increase from 2011. Though the overall increase is relatively slight, spending on cloud computing will far surpass that percentage, growing at an annual rate of 19 percent through 2015.
"What supply chain models did to manufacturing is what cloud computing is doing to in-house data centers. It is allowing people to optimize around where they have differentiated capabilities," said Peter Sondergaard, senior vice president and head of global research at Gartner.
The most widely reported benefit of moving to the cloud is cost savings. Businesses of all sizes are finding they can reduce spending on other IT operations by deploying solutions, such as software, storage and even infrastructure, in the cloud. Many also cite greater accessibility as a key advantage of the cloud. By offering these solutions in a cloud-based environment, employees can access their business programs and data from virtually anywhere with an Internet connection.
But with that greater accessibility come data security and privacy concerns. Chiefly, businesses have to sacrifice some degree of control by moving solutions to a third-party server. For many companies, this is not a major issue, as most data produced and accessed in the cloud is not especially sensitive. Heavily regulated industries, such as healthcare and financial, however, have taken greater issue with this.
These benefits of greater accessibility and cost reduction are still the same, but by hosting data in the cloud, businesses in these industries must rely on the vendor to ensure data is adequately protected and remains inaccessible to unauthorized parties. This can cause anxiety for many IT managers, as they are not always afforded the same level of oversight as they would be in their own IT infrastructure. Unsure of how the cloud vendor plans to protect sensitive information, a business in a heavily regulated industry may be understandably hesitant to trust the cloud.
This is an issue that has become a point of contention for many IT experts and industry observers. For example, Davide Perille, of the European Privacy Association, recently asserted that the cloud is not compatible with current European data protection systems, according to an H-Online report. Speaking to a group of European Union (EU) officials, Perille suggested that cloud vendors may not have the customer's best interest in mind in their data monitoring practices. Especially in the EU, where data protection standards may differ from country to country, storing data in a cloud data center located in a separate country could violate overarching EU privacy laws.
Additionally, cloud computing failures, such as the ones that befell Sony and Amazon this year, only exacerbate concerns. When a major cloud vendor suffers an outage, those already hesitant about the cloud are more likely to adopt an "I told you so" mentality.
But this doesn't tell the whole story. Other experts say concerns over cloud security are overblown, and cloud providers can actually provide better data protection than most companies can in house. This is the sentiment taken by Francis O'Haire, technical director at DataSolutions, according to a recent SiliconRepublic report.
O'Haire asserted that cloud crashes are simply more likely to garner more attention than other data security issues because headlines tend to focus on incidents that affect a large group of companies or people.
"You will hear about a plane crash because it’s such a rare event and it has a bigger impact, but it’s still the safest way to travel, statistically," O'Haire said, according to the news provider.
"The first thing to do is acknowledge that for some businesses – certainly the small to medium businesses – the type of security available in the cloud is much, much greater than they could potentially ever afford themselves," he added.
It is also important to note that many issues with the cloud can also affect traditional technology. The Amazon outage, for example, was the result of a human error, which could affect any IT system, whether in the cloud or hosted on premise.
Nevertheless, it is ultimately up to the company to decide if it is ready for the cloud. Some companies will choose to host less sensitive data in the cloud, while reserving more critical information on systems with which they are most comfortable. Others are diving in head first, confident that the cloud vendor can provide the necessary levels of protection to safeguard their IT systems. Or a company may choose to abstain for the time being, waiting until security and privacy issues in the cloud are resolved.
What does seem apparent is that the cloud is becoming the future of enterprise IT, and sooner or later, these issues will need to be confronted.
Cloud Computing News from SimplySecurity.com by Trend Micro