Cloud Computing Forces Data Governance Issue

Michael Vizard

With security positioned as the number-one issue holding back the adoption of cloud computing by luminaries such as RSA president Art Coviello in his recent RSA Conference 2010 keynote, there's obviously a lot of gnashing of teeth over the relative security merits of cloud computing.

Some argue that cloud computing platforms provide greater levels of security because the systems are guarded by world-class experts. Others argue that it's only a matter of time before we have a major security breach that results in hundreds, if not thousands, of customer accounts being compromised. This debate has led the Cloud Security Alliance to identify the top seven security threats to cloud computing.

But Tom Young, a partner and managing director for CIO services and infrastructure at the IT consulting firm TPI, cautions that we shouldn't let hysteria govern our cloud computing emotions. The real issue is identifying the appropriate level of security for various types of data. Obviously, the most sensitive data should continue to reside on premise, but there is a host of information that companies routinely store that doesn't need to be that secure. Like everything else in the land of IT, security in the cloud has to be evaluated against the risks and liabilities involved. That means that for the first time, many IT organizations are going to have to implement data governance policies that will ultimately decide where certain types of data are stored.

In addition, the long-term benefits of cloud computing services, when it comes to analytics, might further tilt the equation in favor of cloud computing. It won't be long, says Young, before cloud computing providers offer analytics services that help identify underlying trends in a company's data. IBM, for instance, is already moving in this direction.

Right now, says Young, there are two schools of cloud computing. One is led by relative enterprise IT newcomers such as Google and Amazon that have gained traction at the departmental and business-unit level. The other camp is led by IBM and Microsoft, which are campaigning for more strategic corporate cloud computing initiatives that are likely to be decided by a team of C-level executives. Which camp will ultimately dominate is still anybody's guess, but as the cloud computing decision moves higher up in the organization, the more strategic the security question becomes.

Add Comment      Leave a comment on this blog post
Mar 11, 2010 2:45 AM Marcelo F. Antunes Marcelo F. Antunes  says:

It is a common trend into every technology that a intrusion shall occur somewhere in time as to compel those used to expand our frontiers of knowledge to perform it for good or evil. It is the most adopted way mankind has evolve since the Stone Age: who kidnapped my Sabinas? To ignore it is the Summum Bonum for every thieve.

I would dare say that as a strategy policy maker in a IT international distributor we use two LAN's one for strict internal use only where the more sensitive data is stored and protected from external access and from employees misuse and another one with few points allowed to access Web with daily up-to-date firewalls and encrypted access.

Only after loosing all your data assets could one figure how much was the real economy made on a cloud computing data center that in my opinion is a good storage place only for groceries in a worldwide growing trend terrorist assault.

Mar 17, 2010 12:12 PM Josh Goldstein Josh Goldstein  says:

Full disclosure: I work for Cirtas (, a startup addressing cloud storage barriers to adoption.

In every survey conducted by analyst firms (Gartner, IDC, etc.) that I've seen, security is the #1 concern with using cloud services, storage included.  At Cirtas, we work closely with the major cloud providers and I can honestly say that their infrastructure and process controls are superior to those in most any organization.  In other words, the risk of a security breach in the cloud is probably lower than it is in your own data center.

That said, companies are looking for additional safeguards when they trust their information to a cloud provider.  Cirtas' technology provides these safeguards - making information stored in the cloud useless to any intruder who might obtain it through a security breach.  Only the rightful owner of the data has the capability to use it.

I can't yet discuss the specifics (we're in stealth mode) and this is just one of the challenges related to cloud storage that we're solving.  But people out there should know that there is technology coming very soon that addresses security concerns and will make using the cloud practically the same as using local resources.


Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.