Security Imperative for Cloud Computing
The recent New York Times article,
Is Our Data Too Vulnerable in the Cloud?, points out the real concerns and risks of our storing all our data in "the Cloud".
While some of the commenters point out that many of these security concerns apply as well to data stored on enterprise servers, laptops, and desktops -- the perceptions and fears are real. Any further hiccups in cloud computing can set back the growth of these services, as a result of low user confidence. As evidence consider how many people we all know still fear paying bills by internet.
What is needed is for cloud computing service providers to display the equivalent of a "Good Housekeeping Seal of Approval" to certify their data security is up to the standards of the best enterprises. This will help consumers and CIOs feel more comfortable leaving their data in the cloud.
To be effective this certification needs to address network and physical security, and also needs to apply global standards to meet the different needs of different jurisdictions. For example the theory of cloud computing is that we should not care where in the world our data is stored; but EU enterprises have stricter privacy rules than many others and need to know their data security is up to EU standards regardless where it resides.
Who will provide this certification? Perhaps auditors? Perhaps anew entity that creates a trusted brand? Someone ought to. Soon.
While some of the commenters point out that many of these security concerns apply as well to data stored on enterprise servers, laptops, and desktops -- the perceptions and fears are real. Any further hiccups in cloud computing can set back the growth of these services, as a result of low user confidence. As evidence consider how many people we all know still fear paying bills by internet.
What is needed is for cloud computing service providers to display the equivalent of a "Good Housekeeping Seal of Approval" to certify their data security is up to the standards of the best enterprises. This will help consumers and CIOs feel more comfortable leaving their data in the cloud.
To be effective this certification needs to address network and physical security, and also needs to apply global standards to meet the different needs of different jurisdictions. For example the theory of cloud computing is that we should not care where in the world our data is stored; but EU enterprises have stricter privacy rules than many others and need to know their data security is up to EU standards regardless where it resides.
Who will provide this certification? Perhaps auditors? Perhaps anew entity that creates a trusted brand? Someone ought to. Soon.