59% of survey respondents in a 2008 CIO research report on cloud computing say vendors have not adequately addressed security concerns related to on-demand offerings, yet 47% say they're already using it or actively researching it. IDC predicts that spending on IT cloud services will hit $42 billion by 2012 and that it is THE next disruptive wave in IT.
My biggest concerns with cloud computing and security are about the data:
- where/how is data stored?
- where/how is data backed up?
- how are apps certified for compliance?
- who's responsible for a data breach -- the data "owner" or the data "storer"?
- do I have enough leverage to demand 3rd-party security audits and strong security service-level agreements (SSLAs) from my vendor?
If the answers to any of the above questions are "no" or unclear, I'd run like hell.






I'd like to add an extra concern, one that is maybe more relevant over here in Europe than in the US: that of Data Protection.
A major concern for some companies is "Under whose jurisdiction are the data stored?". We have stringent laws in Europe about protecting personal data and restricting the disclosure of that data. The same rules may not apply in other jurisdictions.
E.g. a UK company chooses data storage in the US. Is the data then subject to the Patriot Act etc.?
Gareth