Security tensions at the core of the cloud concept hobble cloud growth

Published 8 July 2010

The cloud model and the notion of data having a specific location are somewhat antithetical: some cloud-service providers attempt to maintain security and availability by locating the data in multiple servers or data centers, or by locating it in an undisclosed data center; cloud-service providers are thus in a tight situation with regard to secrecy about their data centers and security procedures: many of these providers believe that this information must remain secret, but many customers — including giant potential customers such as the U.S. federal government — want to be made aware of such information before signing on with a provider

The cloud offers business and environmental benefits, but it continues to be weighed down by concerns about security and legal matters. Jeffrey Clark writes in Data Center Journal that with the U.S. federal government eyeing the cloud as one means to facilitate its quest to reduce its data center footprint, the potential market for cloud-based services could explode. Cloud-service providers, therefore, would do well to consider the concerns of potential customers, especially with regard to security.

According to Information Management Online (“IT Executives Worry about Security in the Cloud”), a late-2009 Forrester Research survey of IT executives indicated that security is the foremost drag on customer adoption of the cloud-computing model. In a recent article (“Secrecy of cloud computing providers raises IT security risks”), Network World notes that many businesses and industry observers believe that the cloud “presents a security and legal minefield for businesses and government.” Clark writes that the numerous benefits of cloud computing — including elimination of capital investment for IT infrastructure; a pay-as-you-go approach to storage, compute, and network resources; increased operating efficiency on the part of the IT equipment; and, correspondingly, a decrease in environmental impact — are thus obscured by concerns about, for instance, whether sensitive data that is entrusted to a cloud-service provider will remain secure.

Clark notes that many cloud-computing providers are making the situation more difficult through secrecy regarding such matters as the location of customer data (in other words, the locations of the provider’s data centers) and practices associated with those data centers.

It is true that cloud-service providers may be facing a difficult situation in this case — some level of secrecy may be necessary to provide protection to customers, but too much secrecy can make customers go wary. According to Network World, “Cloud service providers often cultivate an aura of secrecy about data centers and operations, claiming this stance improves their security even if it leaves everyone else in the dark”; these providers often believe that such secrecy is an integral part of the cloud-computing business model. Some customers, however, may wish to be made aware of the provider’s security procedures and protocols as well as its data center locations, for instance. The cloud-computing industry, however, is plagued by an environment where “non-disclosure agreements (NDA) dominate, questions aren’t answered, and data center locations and practices are treated like national security secrets.”

Some industry observers have questioned whether cloud computing is