Cloud computing continues to hog the headlines

 

But it's hardly surprising cloud computing is attracting all this attention even in these cash-strapped times - because it promises to save money. Even the US government is looking to cloud computing to cut the cost and environmental impact of its IT infrastructure. The US federal chief information officer Vivek Kundra said that infrastructure costs make up $19 billion out of the US government's total IT budget of $76 billion, and it now operates 23 data centers. He said that the recent revamp of USA.gov is an example how cloud computing could help reduce costs; a traditional approach would have taken 6 months and cost $2.5 million a year, with cloud computing, this was reduced to just $800,000. Exactly how the Obama administration will proceed with total transformation is unclear, but it has already started with its Apps.gov site that supports government departments who want to deploy cloud applications. 

 

 

Away from the buzz around costs savings, security is perhaps the biggest concern enterprise cloud computing faces. There are dire warnings from some in the security industry that moving ahead with too quickly with cloud applications using Internet infrastructure could introduce a whole new range of security problems. It points out that "Every breached security system was once thought infallible", so cloud computing providers need to give their customers' data security commensurate with the data's value.

 

Gartner says that businesses should look to get an independent security audit before committing to a cloud vendor. It says that cloud computing raises issues in a number of areas, specifically: data integrity, recovery, and privacy, and outlines seven questions that enterprises should ask of any prospective supplier. These include: asking who has privileged access to your data; whether they are compliant with security and data regulations; where the data will be stored; how your data will be segregated from other customers; what their disaster recovery standards are; whether they will support investigations into inappropriate use; and ensuring the provider is financially viable  in the long term. 

 

Other useful sources on cloud computing security include the Cloud Security Alliance's  security guidelines. It is currently revising the document and plans to publish v2.0 of this guidance in October. The Jericho Forum - known better for its work on security in deperimeterized organizations - has been working with the Cloud Security Alliance since earlier this year and is involved in the update. It has also published some interesting material on cloud security, including its Cloud Cube model.