By all indications, cloud computing has arrived on the Indian SMB scene and is here to stay. Microsoft’s ‘SMB Cloud Adoption Study 2011’ is a global survey that includes 100 Indian companies in its respondent base.
The study finds that 39 percent of small and medium businesses worldwide expect to be paying for one or more cloud services within three years, an increase of 34 percent from the current 29 percent. It also finds that the number of cloud services SMBs pay for will nearly double in most countries over the next three years.
While companies will continue to use traditional on-premises infrastructure in combination with hosted offerings, the wind is clearly blowing in the direction of the latter. Cloud computing can help businesses keep a lid on upfront investment costs in infrastructure, hardware and applications as well as the ongoing cost involved in maintaining these IT assets.
Companies get scalable and reliable applications within a pay-as-you-go model that places a premium on efficiency. It is easy to see why this option is attractive to cost-conscious smaller companies and why this IT area is expected to grow rapidly in the near future, even in India where its adoption is still nascent. Recent media reports have mentioned government plans to introduce subsidies for the SME sector to accelerate the shift to the cloud.
Som Mittal, President of the National Association of Software and Services Companies (Nasscom) believes that there is a great deal of value in this shift for small and medium businesses and expects adoption rates to increase exponentially, matching those for tablets and smartphones in recent months. Since its emergence as the dominant technology trend of the current and previous decade, there has been a lot of scrutiny of the security risks inherent in this utility-based, shared resource model.
The Cloud Security Alliance (CSA), an organization that promotes the adoption of security-based practices in this area, published a 2010 report titled ‘Top Threats to Cloud Computing’ in which it listed a set of risks tied to data theft, loss, leakage and exposure that are specific to this IT model. While the benefits of moving to the cloud clearly outweigh the risks, understanding their areas of exposure will help businesses in crafting a watertight service agreement designed to keep their data safe.
A Cisco blog article describes how best to do this in a few succinct paragraphs that touch upon data transfer, software interfaces, storage and user access. However, there clearly is a need to separate the wheat from the chaff when it comes to information on cloud computing, especially as it relates to security risks. One of the best attempts to clear the haze around the issue is by Margaret Dawson, an IT executive and frequent speaker on cloud-related topics, in a blog article titled: ‘Debunking the Top Three Cloud Security Myths’. It goes a long way in introducing balance and perspective into the cloud debate. An excerpt is reprinted below:
Myth1: All clouds are created equal
One of the biggest crimes committed by the vendor community and media over the last couple of years has been in talking about “the cloud” as if it was a single, monolithic entity. This mindset disregards the dozens of ways companies need to configure the infrastructure underlying a cloud solution, and the many more ways of configuring and running applications on a cloud platform. Often people lump together established, enterprise-class cloud solutions with free services offered by social networks and similar “permanent beta” products.
As a result of this definition of “the cloud”, many organizations fear that cloud solutions could expose critical enterprise resources and valuable intellectual property in the public domain. An unfortunate result of this fundamental disservice to the cloud security discussion is that it will only increase apprehension toward cloud adoption.
While the cloud can absolutely be as secure as or even more secure than an on-premise solution, all clouds are NOT created equal. There are huge variances in security practices and capability, and you must establish clear criteria to make sure any solution addresses your requirements and compliance mandates.
Myth 2: Cloud security is so new, there’s no way it can be secure
With all the buzz surrounding the cloud, there’s a misconception that cloud security is a brand new challenge that has not been addressed. What most people don’t understand is that while the cloud is already bringing radical changes in cost, scalability and deployment time, most of the underlying security concerns are, in fact, not new or unattainable.
It’s true that the cloud represents a brand new attack vector that hackers love to go after, but the vulnerabilities and security holes are the same ones you face in your traditional infrastructure. Today’s cloud security issues are much the same as any other outsourcing model that organizations have been using for years.
What companies need to remember is that when you talk about the cloud, you’re still talking about data, applications and operating systems in a data center, running the cloud solution. It’s important to note that many cloud vendors leverage best-in-class security practices across their infrastructure, application and services layers. What’s more, a cloud solution provides this same industry-leading security for all of its users, often offering you with a level of security your own organization could not afford to implement or maintain.
Myth 3: All clouds are inherently insecure As previously mentioned, a cloud solution is no more or less secure than the datacenter, network and application on which it is built. In reality, the cloud can actually be more secure than your own internal IT infrastructure. A key advantage to third-party cloud solutions is that a cloud vendor’s core competency is to keep its network up and deliver the highest level of security.
In fact, most cloud service providers have clear SLAs around this. In order to run a cloud solution securely, cloud vendors have the opportunity to become PCI DSS compliant, SAS 70 certified and more. Undergoing these rigorous compliance and security routes can provide organizations with the assurance that cloud security is top of mind for their vendor and appropriately addressed.
The economies of scale involved in cloud computing also extend to vendor expertise in areas like application security, IT governance and system administration. A recent move toward cloud computing by the security-conscious US Federal Government is a prime example of how clouds can be extremely secure, depending on how they are built.
The one area to remember that folks often forget is the services piece of many cloud solutions. Beyond the infrastructure and the application, make sure you understand how the vendor controls access toyour data by their services and support personnel. Anxiety over cloud security is not likely to dissipate any time soon.
However, by focusing on the facts and addressing the market’s concerns directly – like debunking cloud security myths – it will go a long way in helping companies gain confidence in deploying the cloud.