Cloud computing security risks guide: How safe is the cloud?

Although moving IT to the cloud brings advantages such as flexibility and scalability, cloud computing security risks are seen as a major impediment for its wide-scale adoption.

Cloud may bring quick scalability and flexibility for a growing business, but IT pros still see cloud computing security risks as a major hurdle to cross.

Service providers assure that they can treat security as a resource using virtualisation technologies and channel security resources where they’re needed on demand. But fears of cloud computing security risks still hold many from using cloud services.

Treating security as a resource allows providers to offer varied levels of security. This means when systems and applications come under attack, the provider can divert more resource to protect the element that’s under attack.

“But many still view cloud as [an] innately riskier and insecure option, although it offers the prospect of having a safer environment than the current environment many customers are in,” said Martin Sadler, director of cloud and security, HP Labs.

He reasons that cloud offers the ability to bring together complex IT in a small number of places where you can manage it in a standard way. In addition, Sadler noted that the underlying virtualisation technologies allow the provider to treat security as a resource and “flex it up and down” in the same way they flex other resources.

“As the cloud operates in an automated fashion and is designed for multiple users, providers can recognise problems quickly,” Sadler said.

Cloud computing security risks

Despite reassurances, fears of cloud computing security risks (such as data loss and security breaches) still outweigh benefits for many IT pros. One credit rating agency in the UK decided to host its IT infrastructure in-house after evaluating all cloud service options, recalled Tim Anker, the founder of Colocation Exchange, a consultancy for data centre or colocation space services.

“Security was the single most important factor for this company,” Anker said. “But that doesn’t mean cloud computing is not for the financial segment. In fact, financial services are one of the early adopters of cloud services.”

Given the sensitive and valuable nature of the equipment and data housed in data centres, sophisticated security systems are essential. Such measures can range from CCTV to door key cards to reinforcing the structure of the building itself. It is also important to ensure that a data centre can remain operational after any sort of man-made or natural disaster, security experts said.

Although IT pros are wary of cloud computing security risks, one advantage is that a cloud contract allows customers to transfer some of the responsibility to the provider. “It allows us to sleep peacefully at night because we pay another organisation to make sure it performs consistently and is backed up,” said Tim Brice, the IT infrastructure manager at WTB Group , a company that supplies building material. The company opted to outsource in January 2011.

“Today, in most organisations, the responsibility to plan for the demand placed on a physical infrastructure lay with the customer,” said Mateen Greenway, EMEA chief technologist for defence, security, government & healthcare, HP Enterprise Services. “If they did not buy enough hardware to support their usage, they had to go back and buy more and face all the associated costs and time-lags.”

One drawback of an in-house data centre is that the enterprise itself will have to put a security measure in place. Many smaller businesses find it expensive to arrange for their own security measures and find outsourcing a more cost-effective option.

In addition, building a secure infrastructure from scratch can be expensive, so a lot also depends on where you are starting from as a business, said another IT expert, James Carnie, director of eLINIA, a UK-based managed service provider. Cost-efficiency could make cloud attractive to even those worried about cloud computing security risks. But if your organisation has sensitive data such as public health records or customers’ financial records, then hosting a data centre in-house and arranging for its own security may be more suitable.

It is worth making the additional investment and retaining the data centre in-house if you are wary of cloud computing security risks. “If you already have a fairly robust platform in place, then it might be worth making the additional investment in security infrastructure and training staff,” Carnie said.

Additional reading in this section:

How to physically secure your colocation data centre
There are many facets of data centre security -- physical security, access control, smoother monitoring and so on. This article offers advice on how to secure a data centre.

Extra negotiation helps firm answer cloud computing security questions
This article offers guidance to professionals on how to assess whether the cloud supplier is serious about securing your business’ data.

Cloud computing adoption remains tepid
Despite its benefits, cloud computing has still not become mainstream, according to TechTarget Inc. and’s “Cloud Computing Adoption Survey 2011”. Find out why.

Electricity supplier Haven Power adopts Amazon Web Services 
This case study shows how the energy firm used Amazon Web Services (AWS) cloud to make its IT scalable in a cost-effective way.

Archana Venkatraman is the site editor for Please contact her at [email protected].


Read more on Cloud computing services