Fears over security are hampering adoption of the cloud computing and the industry needs to do something to address those worries, according to Harriet Pearson, VP security counsel and chief privacy officer at IBM.
Speaking at IBM Pulse 2010, the company’s service management conference, Pearson said worries over security and the protection of data in the cloud was, “Top of mind for many organisations. IBM conducted a study of CIOs and potential users of cloud and about 80% said that the top issue on their mind that would affect their willingness to use it was data security,” she said.
Pearson said that issues with cloud security are similar to those in the outsourcing space. She said: “As we work with our clients what we see is no different than what we’ve been seeing in our outsourcing businesses.”
“To us, cloud computing is the next maturation of a computing model we’ve been doing for years. If you want to hand over the operation of your data for someone else to manage, you go through the same discussions, Pearson said.
IBM recently announced a revamp of its security offerings which it says should help companies adopt new technologies.
The new services include Secure Web Gateway Service, Managed Firewall Service and Unified Threat Management Service, Security Information and Event Manager software, Security Content Analysis SDK and Security Privileged Identity Management and Compliance.
Charles Palmer, director of the Institute for Advanced Security and chief technologist of cybersecurity and privacy for IBM Research, said: There is no lack of security products and services available today, but adding security after a system is developed or implemented seldom works.”
Pearson agrees, particularly when starting a cloud computing project. “If you’re moving something non-sensitive you can move it to a public cloud, where there is minimum flexibility to amend or change the terms and conditions. If you’re a larger organisation and want to move financial, accounts payable information you may need to choose a private cloud where there is more control, she said.
But you need to think through that at the beginning, before you hand the data over, Pearson added. You need to think about what happens at the end of the relationship – what happens to the data and so on.”
Novell and the Cloud Security Alliance recently announced the vendor-neutral “Trusted Cloud Initiative”, designed to provide best practice guidelines for cloud computing. The group will bring together cloud providers to produce a set of standards covering cloud security, compliance and identity management.
The body hopes that the new initiative will provide companies considering using the cloud with a trusted source for information regarding security, governance and control of data and IT assets.