It’s no surprise that the use of cloud computing in IT is receiving a lot of attention. Government and the private sector are both desperate to save money, and cloud providers, with their pay-as-you-go pricing models, promise a quick way to cut capital expenditures.
But what about security? That seems to be the main point of contention stopping many organisations from taking full advantage of the new utility computing model. They just don’t know if it’s safe.
This presents the security professional with a great opportunity. So often in the past, security people have acquired a reputation for saying ‘no’ to everything and blocking progress; now is their chance to make things happen and become a business enabler.
Security people should evangelise the benefits of the cloud, while showing any major transformation of business processes needs to be based on sound risk-based principles. That way, organisations can avoid embarrassing mistakes and also take full advantage of the benefits cloud can bestow.
The sooner organisations come to this realisation, the sooner they will reap the benefits and stay competitive against later adopters.
The recent Public Administration Select Committee report, which severely criticised government IT procurement practices, made this very point and warned against “gold-plating” security requirements. “Over classifying routine administrative and operational information causes unnecessary technology and operational costs, and prevents the public sector [from] taking advantage of the economies and efficiencies of commodity software and new opportunities,” it concluded.
Security is, of course, a major consideration in any kind of outsourcing deal, and customers need to understand the dangers, and learn to ask the right questions. How will data be handled, what controls does the outsourcer have in place and what happens when the contract ends?
The security professional is well placed to guide the process, to flag up the dangers, as well as encourage use of the most economic services where risks are lower.
Security professionals also need to stay up to date in the fast-moving industry of cloud-service provisioning. Technologies that will enable easier encryption of data in the cloud are in early development, as are the necessary identity management tools that will allow companies to integrate their cloud usage with their on-premise systems.
In addition, many of the big cloud service providers are now building huge server farms in Europe that satisfy the compliance concerns of companies here, thereby removing another big obstacle to widespread adoption.
The cloud, in all its manifestations, will change the face of IT over the coming years, bringing down costs and helping organisations to be more flexible and agile. The sooner organisations come to this realisation, the sooner they will reap the benefits and stay competitive against later adopters. By enabling this to happen safely, security professionals have a real chance to help their companies stay profitable in difficult times.