Is There Too Much Fuss Over Cloud Security?


I recently spoke with a security officer who told me that he doesn't want to see his company move work into the cloud because he believes the cloud is not secure. I know he is not alone in feeling that way.


However, in an InformationWeek article, Charles Babcock wondered if the concerns about cloud security are overblown. Discussing the "multi-tenant application," Babcock argues that while of course anything can be made safer, the cloud vendors have already done a pretty good job at making it a fairly secure environment. He stated:

Virtual machines operate alongside each other in shared physical memory but are proven safe from the hazards that we know about today; there is no slop-over of data from one virtual machine to another. When we conceive of the data resident in memory of the multi-tenant application, it is assumed that with a slight slip-up, the data of one user might be taken for that of another.

Security in the cloud is still a generally unknown entity, as more businesses and general users are moving into it, and today's rules and regulations aren't prepared for cloud computing, as Babcock admitted:

When it comes to payment card industry (PCI) compliance, multi-tenant applications are deemed non-compliant, as best I know.
But from my perspective, that means the PCI standard is showing its age and is in need of revision, rather than that the multi-tenant application has been judged perpetually unsafe.

There are going to be a lot of mixed feelings over security in the cloud -- some people will think that it is a safer environment than traditional computing; others will think the opposite. But I suspect that as time goes forward and cloud computing becomes more the norm, security, regulations and compliance issues will be modified.