Picture of author here:
Pics in an odd format - so best to crop with white space on each side
V:\•PRODUCTION\•PREMIUM CONTENT\Premium Content Graphics\Photos
There has been a lot of speculation about the impact of PRISM on data security and cloud computing.
The Information Technology and Innovation Foundation (ITIF) has announced that due to the fears over data privacy and security that PRISM has highlighted, the Cloud Computing industry stood to take a hit in the order of $36bn by 2016.
Forrester Research has come out to say this estimate is too low and the impact could be far deeper to the tune of $180bn. This is a staggering figure for a maturing industry which has attracted huge enterprise investment.
But now that investment is starting to crack. Only this week I learned that some 50+ cloud service contracts have either been put on hold or cancelled altogether.
These are localized issues to the US presently, and foreign investment in US-based Cloud services are the ones taking the hit due to the US Government being allowed access to data that sits on US based servers. However given the far reaching implications of the NSA program and the alleged complicit actions of other governments in supplying data it is safe to assume that the scaremongering effect will spread to other countries.
But this isn’t the end of Cloud by any means and people crying ‘It’s the death of Cloud’ need to be treated with caution. The death of on-premise software was also exaggerated.
You have clear choices and actions in developing a Cloud-based strategy that will ensure scalability without compromising security.
- Bring your own encryption – we’ve seen that cloud based communications companies like Lavabit and Silent Circle have now closed their services because they cannot ensure privacy if the US Government asks them for information. In order to secure your data it is essential that you investigate your own options for in-house encryption and not rely on a third party service outside the firewall to do it for you.
- Examine the Cloud contract – this is often ignored and placed in the hands of the legal and procurement teams who don’t fully understand the implications. For example, just who is responsible for your data should something go wrong ? Use a specialist lawyer who is well versed in cloud negotiations to ensure you don’t fall foul of the small print.
- Know where your servers are – right now US-based services are a prime concern for the enterprise but its already been shown that other countries governments are involved in data sharing and data access. But this doesn’t stop you from knowing which countries have the more stringent data protection policies in place with financial penalties for misconduct. The UK and Germany for example have two of the strongest acts in place for this.
- Private, Public, On-Premise, or Hybrid ? - We’ve seen that moving everything to public Cloud is a no-no and that the death of on-premise has been greatly exaggerated. The clear choice is to deploy a hybrid model. A hybrid strategy will benefit from all the advantages provided by cloud solutions (frequent and easy to accomplish upgrades, opex vs capex benefits), and still may choose to run those in private clouds or on-premise. Hybrid works because of the combined benefits each bring individually:
- Public for maximum flexibility and efficiency
- Private for maximum control
- On-premise for compliance and privacy
- Cloud integration is the lynchpin – integration platforms provided through, for example, Software AG, Informatica and Mulesoft to connect SaaS applications to the enterprise are the lynchpin in powering a hybrid cloud strategy. Don’t treat integration as an afterthought.
- Don’t ignore the developers – Cloud developers are a breed apart, and are typically more closely aligned to the business than most. They can leverage the cloud for greater productivity and business requirement alignment and are an integral part of a hybrid cloud solution. They use cloud platforms like LongJump to build internal-facing applications easily for swift deployment.
There is no denying that the Snowden leaks have had a massive impact on the IT industry in general, and that Cloud services are now under enterprise scrutiny, but with strategic and tactical decisions made with intelligence not by gossip these ripples can be navigated through easily.
Box: Resources on Cloud Computing
CW Buyer's Guide: Private Cloud
Cloud Computing for Business
Ovum: Cloud Computing - 10 tips for IT departments and suppliers
Cloud Computing guide to interoperability and portability
Computer Weekly Buyers' Guide: Cloud Computing
Theo is Vice President and Chief Evangelist at Software AG.