“In the cloud” computing – using systems and resources outside of the Enterprise such as Salesforce.com, Live Mesh – promises reduced costs and increased flexibility for a business. But what of the risks?
There’s an excellent feature on “The Dangers of Cloud Computing” here at CIO.com. The article discusses the potential risk associated with cloud-based services as well as some of the reasons why risk my be reduced as a result of using them:
One reason is that a cloud provider can invest more in security than any individual small business could, because the cost is applied across hundreds of customers. Another is that as soon as a cloud provider patches a security vulnerability, all its customers are protected immediately, unlike the case for downloadable patches that IT must apply itself.
For me, one of the most important points is made towards the end of the article:
When it comes to cloud computing, the experts fundamentally offer the same advice, which can be summarized by two very famous quotations, one an old Russian proverb that President Reagan liked to use–“trust but verify”–and the other by Intel’s famous former CEO, Andy Grove–“only the paranoid survive.”
That’s good advice and the process I use is to apply the same rigour to auditing cloud-based service providers as for other third party vendors. Don’t be afraid to question every aspect of their network management. In my experience the good service providers are open and transparent about the systems they have in place and the processes they use for managing them. After all , it’s your money they’re taking.
There’s an interesting new blog on the subject of cloud computing and security here at cloudsecurity.org.