Desynit has been working with a client over the last year to move their legacy applications to a SOA solution on the Salesforce.com platform. We are about to put our solution live, so check back soon for our case study. In the meantime, we’ve been doing a little more research into the minefield of Cloud Computing security.
Cloud Computing is the future. That’s the message that we are hearing, and it appears to be true. Getting your software on demand from a cloud based supplier, on a ‘pay for what you use’ basis means five key benefits – its cheaper, quicker, up-to-date, scalable and mobile. These benefits have appeal for any business, from the one man band to the largest multinational. Great, but what about security?
How can businesses protect their data, and stay on the right side of the law in their handling of sensitive data relating to other businesses and individuals? Cloud computing means sending unencrypted data to a machine owned and operated by an outside organization. To add a further legal complication, data protection legislation needs to be considered on a country by country basis, so a UK business needs to make sure its not breaching privacy laws when allowing, say, a US based mobile computing giant to store their customer data.
Determined to find out more and arm ourselves with some facts, we sent along a representative to two Cloud Computing events to get acquainted with the issues.
The IBM, M7 Cloud Business Briefing
The first event took us over the bridge to the Millennium Centre in Cardiff. With presentation from M7, IBM, and e-crime Wales the focus of the day was the security threats related to releasing your data to the Cloud. Take a look here at the presentations.
In particular, the e-Crime Wales presentation gave us plenty of food for thought, and asked the questions that any business should consider before embarking on Cloud based solutions. One element of the presentation the speaker was keen to repeat until it stuck was:-
YOUR DATA = YOUR RESPONSIBILITY
Gulp. It’s true. To find out more, check out the information on
Cloud Security Alliance.
Cloud Computing: Legal, Organisational and Technological Issues
Held at the University of the West of England, this day was aimed at anyone with a vested interest in staying in touch with the key issues. As you would imagine from the lecture title, the attendee list included as many legal professionals as IT people.
The main presentation of the day came from the people from HP Labs. They were presenting their client based privacy manager. This solution was targeted towards problems surrounding the use of various cloud platforms, but considered in particular the use of Salesforce.com for the storage of sales data.
This Privacy Manager works on a number of levels. Data is obfuscated before being sent to the cloud. In addition, it is possible to select privacy preferences for the treatment of personal information, use different personae for differing levels of information disclosure, and review and correct information stored in the cloud. If you are interested to learn more about this solution, please email Desynit and we will send you a copy of the paper.
I don’t think that it would be particularly disloyal to the speaker to mention that the presentation contained a section entitled ‘When our Solution is Not Suitable’, which is a reminder that we have a way to go. There is clearly an understanding not just among the IT community, but also within the legal community, that Cloud Computing presents a can of worms, which we need to address urgently.
Did we answer our own question?
In conclusion, is Cloud Computing secure? Unfortunately we are not in a position to answer this question, and right now the point is that none of us can. What we do know is that there are resources out there which can guide you through this minefield, some of which we have listed above.
There is a lot of consider. But that doesn’t mean that businesses should only consider the risks. Think too of the benefits. Our favourite presentation quote goes to e-Crime Wales:-
“Have you considered [the Cloud] may provide better security solutions?”