Thursday, April 24th, 2014
Today's weather     
Cloud computing presents opportunities, poses threats

15th October 2012
Bookmark and Share

Polish businesses are using the cloud in ever greater numbers. But is it secure enough?

The cloud can sometimes be safer than more traditional alternative technologies
Shutterstock

Cloud computing is a growing worldwide trend, due to its flexibility, easier cost control and user-friendly access. The new technology is also gaining ground in Poland: A study by Cisco earlier this year showed that 42 percent of Polish businesses now use the cloud in some shape or form.

Yet even owners of these same businesses view data security in the cloud as their biggest concern and are equally skeptical that the resources available in Poland – financial and technical – can encourage further development.

Are these justified concerns or symptoms of hi-tech anxiety?

At least one authority in Poland shares the skepticism. Wojciech Rafał Wiewiórkowski, inspector general for personal data protection in Poland, stated outright late last year that in his opinion, the level of security in the cloud is not sufficient to allow the safe processing of personal data. One of the conclusions at a cloud computing conference held at the end of May in Warsaw was that processing data in a cloud is cheap and convenient, but not always safe.

Cloud security a priority

It seems though that cloud vendors are putting a lot of emphasis on the security aspect. Grzegorz Dobrowolski, sales manager for data center and virtualization at Cisco Systems Poland, said that security is a key part of the Cisco cloud strategy, which provides cloud solutions for private, public, and hybrid clouds.

Mr Dobrowolski said this is assured by the Cisco SecureX technology, an integral part of all Cisco architectures. It is a context-aware security framework that allows customers to easily define and manage business-relevant security policies. It provides further security enforcement elements in the form of appliances, modules, and cloud services. Most importantly, he added, these mechanisms have been proven effective.

Large cloud service providers such as Amazon, CSC, IBM, Salesforce.com and Verizon Business have built robust security mechanisms – offering both application-level security as well as firewalls and encryption at the infrastructure level. These service providers store millions of gigabytes of sensitive data in the cloud and have so far suffered no serious security breaches.

Hard to believe? A recent article on cloud computing on businessinsurance.com, a US-based portal for risk and benefit management experts, seems to confirm the claim. With large companies entrusting more and more of their data to external sources, the stakes are high and security has the highest priority. In fact, the conclusion is drawn that “data breaches seem to be everywhere these days except the one place everybody fears – the cloud.”

The author quotes Jay Heiser, vice president of research at technology consultant Gartner Inc. “Cloud providers put more emphasis on security than other entities. If they didn’t, they’d fall over.”

Other experts agree. “Potential data breaches in the cloud are talked about a lot, but there hasn’t been much to point to,” said David Black, chief information security officer at Aon eSolutions, the technology solutions business of Chicago-based Aon Corp. “The reality is that cloud vendors know that security is the big risk to their entire business model. If they were to experience a major breach, they’re sure to go out of business,” he added.

Mr Wiewiórkowski, Po-land’s inspector general, also admits that in terms of classic protection from unwanted access to data, cloud solutions can be safer than traditional technologies. Most data centers are well protected against external attacks, while centralized data storage means limited sources of a potential data leak. The real concern in his view is the matter of who has legal access to data stored in a cloud and how that data can be processed.

Who can access data?

Today it is difficult to contractually limit the number of entities that can legally access data stored in a cloud, the chief inspector said.

Of course, a cloud vendor will always assure that we have full and exclusive control over our data, but we cannot be completely sure that the data aren’t processed by third parties. In many cases, we may not be aware of the obligations a cloud provider may have to provide data to public authorities (especially police or special services). For example, in the United States, special services have broad uncontrolled access to such data. This creates major issues for the data owner, who is legally required to have full control of how it is processed, especially when sensitive personal data is concerned.

Is there a way around this issue? Thomas Trappler, a US-based cloud computing risk mitigation expert agrees that data access and protection are key issues to address when investigating or adopting a cloud computing service.

How do you ensure that you have continued access to your data, and that others who shouldn’t be able to access your data don’t? He suggests that to help mitigate risk in this area, it’s important to take a deeper dive on the infrastructure and security issues when a firm comes to do its research.

Cloud providers are, of course, quite aware of these growing concerns and are addressing them. So for example, in addition to technology solutions for cloud security, Cisco also provides advisory services to help customers with cloud deployments.

Use of the cloud is becoming increasingly popular among Polish firms
Shutterstock
Mr Dobrowolski explained that cloud computing represents a shift to new technologies, but even more importantly, it means a shift to new business computing models. So when we talk about security of the cloud, it is important to bear in mind that cloud security actually begins with governance considerations. Providers of cloud services as well as subscribers to those services need to ensure that their organizational governance is up to date to support these changes. All related policies and procedures need to be updated. Subscribers need also to review information offered by their cloud provider to understand how providers manage application development, infrastructure design, security architecture and implementation, as well as monitoring, auditing, and security incident response processes.

But, he stressed, security is not the responsibility of cloud providers alone. If a subscriber does not have sound governance and a strong security posture to start with, moving to the cloud will not solve their security problems.

What’s next?

There still remains a lot to be done in creating perfectly secure cloud environments, especially in the more abstract area of cloud security governance, but the obvious financial and flexibility benefits are an encouragement. Mr Wiewiórkowski definitely sees a future for the cloud, although he remains cautions. He would definitely use the technology for non-sensitive data, but would rather keep personal data in-house.

Nevertheless many companies have made the leap. Mr Dobrowolski gives the example of Salesforce.com, which offers very successful business cloud applications dealing with highly sensitive corporate data. Also, he added, people use the technology every single day, even without consciously thinking that they’re in the cloud – Facebook is a good example here.

He acknowledged that companies which are considering a migration to either a private, public or hybrid cloud should take security very seriously. But if properly implemented, use of a cloud can bring many benefits. Above all, cloud governance implicates an increased need in visibility and auditing capabilities between data owner and cloud provider.

Page 1 of 2
1 2  [Next››]  of 2

From Warsaw Business Journal


Advertisement
The business of politics
Poland’s PM owes Putin one
BY Remi Adekoya
A few months ago, Civic Platform (PO), Poland’s ruling party, looked sure to lose the upcoming European Parliamentary elections in May. Poll ... READ MORE
From the editor
A day full of possibilities
BY Andrew Kureth
My favorite cartoon ever drawn is the final strip of the iconic “Calvin and Hobbes” series, by fellow Kenyon College alumnus ... READ MORE
Our partners