The natural maturation of cloud computing has brought it from a nascent, fringe technology to near mainstream status in just the past few years. Innovations have allowed hosted applications to provide greater efficiency and flexibility to IT departments like few other technologies in history.
Still, it seems as though companies can't look past their long-held notions of a lack of security in the cloud. No matter what new advancements are introduced, or how often experts say there is nothing to fear, the overwhelming belief is that cloud computing security continues to lack the appropriate protection now required by enterprises.
According to a recent InfoWorld report, that was evident during the recent ZendCon 2011 conference, held in Santa Clara, California. There, a panel discussion focused on the continuing fears app developers have regarding data security in the cloud.
Attendees at least acknowledged that public cloud providers do practice data protection measures, but said vendors can't be relied on for everything.
"You can't depend on the fact that, 'OK, nobody can get behind my firewall,'" IBM distinguished engineer Mac Devine said, according to InfoWorld. "You need to be thinking differently. It's a shared environment."
Such views on cloud security were certainly given weight with the recent news that Los Angeles officials concluded that Google Apps for Government cannot provide a level of security high enough for the city's police department, according to documents obtained by Consumer Watchdog, an organization that monitors data protection and privacy standards in the U.S.
The city and the provider have squared off for nearly two years debating the security of Google's offering.
"If Google is unable to satisfy the security needs of the LAPD two years after it promised to do so, the company is likely not able to meet the needs of the federal government or other governmental agencies regarding security," a letter obtained by the watchdog group said. "These agencies deserve to know the details, given Google's practice of holding Los Angeles out as a model for other governmental cloud computing contracts."
Specifically, the LAPD has argued it is not confident that Google Apps can provide enough security to product such data as criminal reports and information regarding the department's many ongoing investigations. Currently, the city government is attempting to break its agreement with Google.
However, it's important to note that what a city government requires for data security may not be the same as a private enterprise. And experts more than agree that hosted applications can protect a company's confidential data.
In a recent report for SYS-CON Media, IT expert Derick Townsend said he took "cloud security for a spin."
He argued that IT departments listen to cloud horror stories and are inclined to believe that data protection measures for cloud apps don't exist. The problem, Townsend said, is that many companies are still unaware of the specifics of cloud computing, despite the deluge of information that has been reported on the technology lately.
"IT professionals frequently develop unwarranted security concerns regarding cloud computing primarily because cloud environments are dynamic and enable new levels of workload portability that are very different from what they're familiar with," he wrote.
As it turns out, some attendees at the ZendCon event actually fell into Townsend's corner. According to InfoWorld, Amazon senior Web services evangelist Jeff Barr, whose company is among the largest cloud providers in the world, argued that cloud security is better than most people think.
Amazon actually prides itself on availability and security, InfoWorld reported.
"We're always trying to make everything better," Barr said during the conference discussion, according to InfoWorld.
Cloud Security News from SimplySecurity.com by Trend Micro