Is There Too Much Fuss Over Cloud Security?

Sue Marquette Poremba

I recently spoke with a security officer who told me that he doesn't want to see his company move work into the cloud because he believes the cloud is not secure. I know he is not alone in feeling that way.


However, in an InformationWeek article, Charles Babcock wondered if the concerns about cloud security are overblown. Discussing the "multi-tenant application," Babcock argues that while of course anything can be made safer, the cloud vendors have already done a pretty good job at making it a fairly secure environment. He stated:

Virtual machines operate alongside each other in shared physical memory but are proven safe from the hazards that we know about today; there is no slop-over of data from one virtual machine to another. When we conceive of the data resident in memory of the multi-tenant application, it is assumed that with a slight slip-up, the data of one user might be taken for that of another.

Security in the cloud is still a generally unknown entity, as more businesses and general users are moving into it, and today's rules and regulations aren't prepared for cloud computing, as Babcock admitted:

When it comes to payment card industry (PCI) compliance, multi-tenant applications are deemed non-compliant, as best I know.
But from my perspective, that means the PCI standard is showing its age and is in need of revision, rather than that the multi-tenant application has been judged perpetually unsafe.

There are going to be a lot of mixed feelings over security in the cloud -- some people will think that it is a safer environment than traditional computing; others will think the opposite. But I suspect that as time goes forward and cloud computing becomes more the norm, security, regulations and compliance issues will be modified.

Add Comment      Leave a comment on this blog post
Oct 28, 2010 6:58 AM Shirief Nosseir Shirief Nosseir  says:

I agree that concerns about cloud security are overblown... but it really depends on the level of maturity of an organization.  Enterprises that are more mature organizationally, operationally, functionally, architecturally, technically, etc, will find it easier to move to the cloud.  Conversely, organizations that do not have their IT house in order could be exposing themselves to a lot of risk, since they do not know what to look out for. 

So far the cloud is somewhat more hype than substance for many organizations.  However, once the competitive gap currently developing between these two types of organization becomes clear to businesses, embracing the cloud will not be an option anymore. 

I invite you to read my blog post titled 'Security is irrelevant.  Resistance is futile.', where I comment on the findings of a cloud security survey conducted by Ponemon Institute:

Oct 28, 2010 12:31 PM Mutui Mutui  says:

Well cloud computing is still something new and i think that soon or later some big security problems will come out.

Nov 29, 2010 12:47 PM siti web siti web  says:

this argument is very interesting!

Dec 2, 2010 6:20 AM prestiti prestiti  says:

Congratulation for this blog, there are a lot of interesting news.

Jan 16, 2012 12:04 PM mutui mutui  says:

great post


Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.