Tuesday, March 30, 2010

Cloud security

 
One of the biggest challenges that ‘cloud computing’ faces is the issue of data security. Many, many clients and IT Professionals are rightly worried about how secure information will be when it resides in the cloud. In thinking about a suitable answer to these concerns for people that I speak with I have come with an analogy that I’d ask you to give me some feedback on to see if it resonates with you.

I’d like to compare online security to the way we save our money with banks. Now it is certainly possible to take the money that you accumulate and stash it somewhere in your own home. This I would equate to having your own computers on site. Now, it is certainly possible to secure the money when in it is in you own house. You can buy a safe, you can store the money in an old shoebox pushed to the back of a cupboard and so on. You know exactly where it is and you generally feel secure knowing that the security of this asset is totally under your control.

Compare that with putting your money into a bank. You deposit your money and you get a statement in return acknowledging your deposit. You can then leave the bank in the generally secure knowledge that your money is ‘safe’. Obviously you are, along with lots of other people, ‘trusting’ the bank to keep it secure, however they do generally and means you also don’t have to worry about the security of your funds.

So let’s look at the benefits a ‘shared’ security system like the bank offers. You can walk into any branch of that bank and withdraw your funds. You don’t need to go back to your place to get cash when you run out. In most cases you can also get access to your funds from any ATM in the world. Also in general the bank will pay to some interest on the funds you have left in their safe keeping.

We all know that the world is far from a perfect system. We also know that depositing your money with a bank has costs in the form of fees and taxes, yet the bottom line is that the banking system has been utilized for a long time and still works today. In fact, it has become so ubiquitous that I would content that not having a bank account these days actually counts against you. I don’t know many jobs that pay via cash or cheque these days, even though I’m sure there are still some.

What I’m trying to demonstrate with this analogy is the fact that we consider money pretty valuable and most people ‘give’ that money to another business to ‘mind’ for them. Isn’t that the same sort of thing that would happen with cloud computing? Again, I readily accept that banks are not perfect but then again neither is stashing your money under you pillow.

Perhaps this leads me to the other issues that’s been rattling around my head of late. It seems to me that people ‘think’ that cloud computing should be prefect. That is without issues, downtime, flaws etc. Maybe the reasons for this kind of thinking have been some cloud computing advocates that have testified that cloud computing is indeed without fault. They may have done this as a method of differentiation against the status quo or whatever. The problem is that they have created an expectation that is simply unattainable, as this is technology after all. This has now meant that cloud computing has has to live up to an unrealistic expectation of 100% trouble free operations 24 hours a day seven days a week. This has made it extremely easy for a critic to point to any failure as a systemic failure of the whole concept of cloud computing.

Again, back to the banking analogy. Sure it isn’t prefect but it is an accepted and widely used system. The average person tolerates the problems because they receive benefits that the system outweighs in their minds. We have all heard the media and politician ‘bank bashing’ but how many people actually change banks I wonder (I don’t know). Then again they don’t stop using the banking system do they? They simply use another bank.

In some ways that’s the beauty of the banking system (and potentially cloud computing). You can choose a provider who suits your needs and you can still change if you want. Sure it is a pain to do that but can’t the same be said about changing banks as well?

As you can see I do like my little banking/cloud computing analogy but I’d be interested to hear what people think as I appreciate that it is far from perfect and I’m sure I’ve overlooked something. As always feel free to send me your feedback via director@ciaops.com.