Ten years ago, when companies guarded information within closed networks, the idea of handing over a sizable chunk of competitive data to a place called the “cloud” didn’t have much appeal. Why take the chance of placing sensitive corporate information at so much risk when you could safely monitor it behind your own firewalls?
Today, these solutions are pursued because they are seen as cost-effective, and because they can help create mobile and agile businesses for workers who move far beyond the confines of the home office. Cloud computing increases workforce accessibility to critical business applications, data, and services, while providing a new platform that can help ignite or accelerate new business models.
However, many organizations are steadfastly resistant to cloud computing, uncomfortable with relinquishing control of processes and data. Meanwhile, others are perhaps too quick to embrace the cloud; blindly putting faith in their chosen service provider’s ability to secure their data and prevent any regulatory headaches.
A significant challenge with cloud adoption is in relation to its specific use in an enterprise. There are also risks that will extend from incubating technologies or the marriage of technologies that support cloud-based services. Without a doubt, cloud computing carries with it the challenge of protecting cloud-enabled business operations, especially in service-provider-managed, hybrid, and public cloud infrastructures. With externalized services, some basic business concerns emerge:
- Where are our information assets going?
- How are they being protected?
- Who will have access to our information?
- How can we navigate policy shifts, regulatory compliance, or audits?
These are the types of questions that business decision-makers should be asking of their service providers. In fact, many are doing so more often now, and expecting good answers in return. This is why many leading providers of externalized services are taking steps to help demystify the cloud for their customers and clearly explain their approach to data security.
Many customers are also asking to maintain at least some control over their data once it is in the cloud, such as being able to self-administer controls to assure compliance. Expect to see more providers seriously exploring that option in the near future; it likely will be a business differentiator for many companies, as more businesses decide to embrace cloud computing and look specifically for a provider who can present that capability.
Excerpt from Cisco 2009 Annual Security Report: Highlighting global security threats and trends. Copyright © 2009 Cisco Systems, Inc. Download the complete report online.