Venyu Blog

Ladies and Gentlemen, cloud computing has finally hit “the big time.” Granted, it was during the popular “Power Lunch” segment on CNBC, however, at least someone in the national broadcast media is finally taking notice of the industry’s paradigm shift from physical to virtual data centers.

The segment, broadcast on June 2^nd, was embedded in an article authored by John Moore, called “Reducing Security Risks in Cloud Computing” which, just as advertised, outlines the recent security-related outages and data breaches (Amazon and Sony, we mean you), and best practices that are being created to limit risk and increase competitive advantage. (On a personal note I’m slightly ticked that the media — which frequently makes its bones picking apart the carcasses of the recently accused only when they finally shuffle into the national spotlight—chose now to give cloud computing a stage; still, I think all in all it’s a positive development towards more global acceptance of cloud as a service, a platform, well you know what I mean).

Moore includes initiatives underway by The Cloud Security Alliance which is looking to promote best practices for both cloud computing providers and their customers.

Jim Reavis, executive director of the Cloud Security Alliance, is quoted in the article and suggests that when it comes to cloud computing, responsibility and accountability flow both ways.

“Providers have a responsibility to be a lot more transparent in exactly what they’re doing—how they’re securing systems, how they’re managing data, how they delete data, how they provision systems,” Reavis says. “And customers have to understand that they can’t just throw all of the security and compliance concerns to the provider; they have a responsibility, as well, to ask for the right things, to understand their risk management responsibilities, because you can’t outsource that.”

Moore suggests that the primary reason for organizations to pay third parties to manage storage and database management offsite – to realize savings on both technology and personnel—doesn’t mean those same organizations can simply walk away and relinquish control over that data on a day to day basis.

“What we’ve found is some of them have gotten a bit sloppy,” said Reavis. “Because cloud is so easy to provision, enterprises sometimes bypass their central procurement department. The general IT processes that do all the vetting for risk management and security don’t get followed sometimes.”

According to Terry Woloszyn, founder of PerspecSys, an Orangeville, Ontario-based developer of cloud data governance solutions,balancing the requirements for secure customer and business data with the meaningful savings available through cloud computing is beginning to result in an emerging hybrid-based solution that takes advantage of both outcomes.

“The sensitive data is staying within the customer’s enterprise, just like an on-premise application,” Woloszyn explains. “But from the end-user’s perspective, they’re getting all the benefits of a cloud application. The whole delivery model is going to have to mature to a more hybrid approach that gives some of that control back to the enterprise so they can mitigate their own risks.”

View the resulting discussion below. While it’s no eye-opener on those of us already in the “cloud know” crowd, you can be sure that with this kind of national visibility cloud computing is not only validated as a technology on the move and worthy of consideration by almost any size enterprise, but also here to stay for some time to come