Johannesburg, 29 Jun 2009
Security experts claim cloud computing is here to stay; however, the technology comes with risk, as complete control over data stored in the cloud is impossible.
This is according to Dr Steve Purser, head of the technical department of the European Network and Information Security Agency.
The Symantec Cloud Computing and Innovations Showcase, held last week at the Hospital Club, in London, featured a panel debate of experts addressing the fact that cloud computing is essentially borderless, and that future regulations will change the cloud computing landscape.
Cloud-based computing allows companies to avoid costly capital expenditure by allowing a third-party provider to host and manage the company's information on an off-site data centre. The problem comes in, according to Wikipedia, when users sacrifice their information privacy and control to the third-party and are at risk of their information being leaked to other parties for financial gain.
Changing times
Purser believes cloud computing will change the way roles in information responsibility are perceived: “Cloud computing is about effectively handling scalability problems and, in these tough economic times, the smaller data centre service providers are not going to survive.”
Guy Bunker, independent security consultant, predicted the traditional role of the IT administrator will drastically change in order to balance out the compliance risks relating to cloud computing: “One of the biggest problems around compliance within the cloud is that the majority of companies don't know exactly where their data lies or who has access to the information.”
Bunker said there's a gap in security awareness around cloud computing, particularly seen in cost-conscious individuals and small and medium enterprises (SMEs).
“In the same way in which you wouldn't leave your door open when you leave your house, you wouldn't put your sensitive data in the hands of someone you don't trust. Yet, when it comes to distributing information to data centre service providers, the level of trust changes. We see this particularly on social networking platforms, such as Facebook, where people put their guards down and publicly upload their personal information for the world to see.
“It's not only the responsibility of the service provider to make sure the data is secure, but the company claiming ownership of that data also has to have responsibility over it and have to comply with the Data Protection Act (in the UK),” said Bunker.
Securing information
Kimon Zorbas, VP of the Interactive Advertising Bureau Europe, said people underestimate the reputation and damage that can be caused if cloud computing doesn't work. “Cloud computing service providers have to store information in countries that have an adequate data protection regime. The European Commission says the data you collect must be adequately protected, whether it's personal information or not.”
Dave Evans, compliance manager of the Information Commissioner's Office, pointed out that regulators should implement regulations that force cloud computing service providers to adequately protect data in such a way that enterprises will feel comfortable to access that information, no matter where in the world it may lie.
The only way for businesses to take advantage of the opportunities offered by cloud-based computing is for the business to have confidence that its data is protected, the panel discussion concluded.
Ilias Chantzos, head of Symantec's government relations and public affairs programmes for Europe, Middle East, Africa and Asia, said: “A lot of dialogue, learning from what has gone right and what's gone wrong is how the Internet developed without regulation, and I predict the same will be for cloud computing.”
Related stories:
User control drives security concerns
Companies still wary of the cloud
Demystifying the cloud
A local cloud computing perspective
Share