Johannesburg, 26 Nov 2009
Companies need to be able to adapt fast enough to change with the global economy. Cloud computing can help realise this, but organisations need to secure against future risks which could determine whether the technology could be used to deliver real business value.
This is according to Johann van der Merwe, security advisory competency leader at PricewaterhouseCoopers, who spoke about analysing the security risks of cloud computing at the ITWeb Cloud Computing conference, held in Bryanston, this week.
Security punt
“People often use security to argue why you should use the cloud as a service. But they often miss the point of cloud computing and security, as they should focus on the needs of the business,” said Van der Merwe.
He stated that cloud security needs to be put into context in terms of whether people are talking about the public or private cloud. “The type of cloud infrastructure required will determine the type of security required - if the impacts are different, then the risks are different.”
Van der Merwe added that businesses need to look at whether the cloud solution is proprietary, which will promote vendor lock-in to a particular service provider, as well as determine whether the system will be outsourced or in-sourced, which determines who ultimately manages the solution.
He pointed out that the boundaries of organisations are disappearing, and that there is a very real need to secure data as it moves through the cloud.
Business as customer
Cloud computing already differs from traditional computing models, said Van der Merwe, and the mechanism of securing the cloud should be no different.
According to him, the risks of cloud computing should depend on the business requirements and the application of them. There is a need to focus on the business to assess the impacts and risks associated with cloud computing.
“The danger is that security isn't seen as a business model, and as such isn't billed as one. The information security organisation needs to reposition itself within the enterprise, and change the way of thinking surrounding security.”
Share