Ever since the term “cloud computing” was coined a few years back, the very thought of allowing a company’s data to sit out in some undisclosed location in cyberspace has left CIOs and CFOs quaking in their shoes. If they can’t control their data (or even know where it is) how can they protect it? Their worry is one of the main reasons why cloud computing is more talked about than actually adopted by businesses.
That’s why a claim by one of IBM’s security mavens, Harold Moss, chief technology officer of cloud computing strategy, seems so surprising. “There’s a misconception that cloud is less secure than traditional IT environments,” says Moss. “The cloud can actually be more secure.”
How is that possible? I’m sure some of you disagree with his conclusion, and I invite you to weigh in with comments…
Moss gives three reasons for his assessment:
1) When companies shift computing tasks to the cloud, they’re on guard. They make sure a good strategies and technologies are in place to protect their data.
2) They don’t just move everything at once and treat it all the same. The company, or the third-party cloud service provider, can set up a security regime that’s suitable for the applications they’re moving.
3) A third-party cloud service provider is likely to have superior security technology and expertise than does a company that’s just protecting its own data. That’s because it can spread the cost of security over a number of clients, while an individual company has to shoulder the entire burden itself. (This consideration is especially important in the case of small companies.)
The key to safeguarding data in the cloud, Moss says, is specialization. “One size doesn’t fit all. Not all clouds are the same,” he says. For instance, when IBM engineers designed the security for Lotus Live social networking and collaboration services, their focus was on giving users the maximum amount of control over who they share their information with and under what circumstances. The security considerations are quite different for an SAP financial application hosted in a cloud environment.
The idea that all clouds aren’t the same came to IBM gradually. In the early days of cloud computing, some of the industry pioneers painted the vision of vast data centers equipped with one kind of computer and running one kind of software. Everything would be treated the same. At IBM, the various business units pursued strategies aligned with the capabilities they offer and the needs of their clients. So they ended up producing differentiated cloud services–and different security schemes. “It sort of evolved that way. But it turns out it’s a good idea,” says Moss.
Is Moss right? Or is this a bunch of self-serving IBM marketing spin?