I’ve always been suspicious about the cloud idea. After all, do I really want to give some third party my most valuable information with the promise that they will take care of it? Besides, if you read the fine print of some of these public cloud services, you have to wonder how much your information is yours and how much it’s theirs. There’s a lot of trust involved.
Maybe that’s why larger companies are developing hybrid and multi-provider cloud solutions. In yesterday’s Gartner webinar, 5 Practical Steps to Securing Data in the Public Cloud, Ramon Krikken pointed out that hybrid and multi-provider solutions may be the best way to mitigate risk and make your company’s cloud service operate in a way that is best for your company. There is no ‘one-size-fits-all’ when it comes to using the cloud.
However, the bottom line question for most enterprises is: Is the cloud really safe? Well, unfortunately, the short answer is no, at least not completely. As Krikken explained, some security is always lost when going to the cloud. Your company can become susceptible to high level attacks because it depends on the security of the cloud provider itself. In fact, the cloud provider may be able to misuse your data and may become your biggest security risk.
Because of the inherent mistrust in using the cloud, a majority of companies demand encryption. They do this either to comply with certain standards or because, in truth, they mistrust the provider. They believe that encryption is a sort of ultimate answer to security. Krikken noted, however, that encryption will not solve the security problem and may even cause more problems, such as making the service more difficult to use. In addition, if you use your encryption keys, you lose everything. Then there are the practical problems. The more complex your security is, the more problems your users and IT department will encounter. Simply put, there are just more things that can go wrong and get in the way of doing business.
In the end, the cloud looks more like an idea that is still in the experimental stage. It’s a good idea and companies feel compelled to embrace it because they don’t want to appear to be behind the times. It may even be a transitional stage until better in-house solutions are developed. However, it is still an idea that has a number of problems to solve, and the main problem is gaining the trust of the people who store their valuable data within it.