Cloud cuckoo?
By Martin O'Neal, May 29th, 2009.
There has been a lot written recently about cloud computing and the benefits of abrogating large chunks of an organisation's data to a third-party specialist. But like so many next-big-things, it isn't really that new though. Companies have been offering virtualised and outsourced managed services for a long time, with varying degrees of success. What is new here is mostly the marketing frenzy around the word 'cloud'. And as usual, every man-and-his-dog is rushing to rebrand their product to include the latest buzz word somewhere in their marketing material. Same rice, different chopsticks.
Anyway, as is also the norm, many organisations are blindly rushing to jump into the frying-pan without giving enough attention to the security implications. Don't get me wrong though, I don't believe that cloud computing is a problem in itself. Quite the opposite; if approached sensibly and with a good understanding of the risks to the data, then there are potentially some advantages to be gained. However, for the unwary, there are also some hefty custard-pies waiting in the wings.
The trick is to think of this as a vanilla out-sourcing arrangement. Profile your data, understand the threats and risks, and apply your corporate governance policy. And remember; if your data profile and governance policy highlights data that simply must never be put into a cloud, then at least make sure the idiot VP of sales (that insisted on a cloud solution after reading about it in an in-flight magazine) is personally signing off the risk. You know it makes sense.
