With security positioned as the number-one issue holding back the adoption of cloud computing by luminaries such as RSA president Art Coviello in his recent RSA Conference 2010 keynote, there's obviously a lot of gnashing of teeth over the relative security merits of cloud computing.
Some argue that cloud computing platforms provide greater levels of security because the systems are guarded by world-class experts. Others argue that it's only a matter of time before we have a major security breach that results in hundreds, if not thousands, of customer accounts being compromised. This debate has led the Cloud Security Alliance to identify the top seven security threats to cloud computing.
But Tom Young, a partner and managing director for CIO services and infrastructure at the IT consulting firm TPI, cautions that we shouldn't let hysteria govern our cloud computing emotions. The real issue is identifying the appropriate level of security for various types of data. Obviously, the most sensitive data should continue to reside on premise, but there is a host of information that companies routinely store that doesn't need to be that secure. Like everything else in the land of IT, security in the cloud has to be evaluated against the risks and liabilities involved. That means that for the first time, many IT organizations are going to have to implement data governance policies that will ultimately decide where certain types of data are stored.
In addition, the long-term benefits of cloud computing services, when it comes to analytics, might further tilt the equation in favor of cloud computing. It won't be long, says Young, before cloud computing providers offer analytics services that help identify underlying trends in a company's data. IBM, for instance, is already moving in this direction.
Right now, says Young, there are two schools of cloud computing. One is led by relative enterprise IT newcomers such as Google and Amazon that have gained traction at the departmental and business-unit level. The other camp is led by IBM and Microsoft, which are campaigning for more strategic corporate cloud computing initiatives that are likely to be decided by a team of C-level executives. Which camp will ultimately dominate is still anybody's guess, but as the cloud computing decision moves higher up in the organization, the more strategic the security question becomes.