Not every cloud has a silver lining
- By Kevin Coleman
- Oct 25, 2012
Cloud computing is one of the latest revolutions in the delivery of IT capabilities. The cloud computing market in the United States is forecast to double by the end of 2016, a nearly $42 billion market.
The expansion of cloud computing is being driven by the benefits that this technology offers. Topping the list of benefits is the responsiveness it provides an organization’s IT environment since it cloud computing has the capacity to adapt quickly to an organization’s changing business needs. Other significant benefits are cost reduction and efficiency gains. All together, the value proposition for cloud is sound for most, but not all, organizations.
A recent Ernst & Young survey found that 61 percent of respondents would use or evaluate cloud services within the next year. That shows just how robust the cloud market really is. The market is divided into three basic segments -- private, public and shared, all of which support the top uses of cloud computing – business applications, IT infrastructure and data storage.
The public and shared cloud markets are forecast to grow at more than a 15 compounded annual growth rate through 2016. However, these two segments pose perhaps the greatest challenge when it comes to cybersecurity.
Government and corporations have all articulated their concerns with the addition of social networks, mobile platforms and cloud computing models to their operational environment. Echoing these concerns, cybersecurity professionals have stated that these additions to the enterprise environment bring new security challenges. A cloud platform has already been used as a cyber weapon that was specifically applied to attack business targets. In fact, there are some foreign entities that use a cloud platform coupled with cyberattack services as an offering to those wishing to launch disruptive or destructive activities.
There is little doubt that the rapid adoption of cloud computing and services models bring with it new security challenges. A recent poll of more than 1,500 professionals found that 26 percent of respondents felt cyber-threat defense was a significant concern for those who use cloud computing. They are not alone. In August Steve Wozniak, the co-founder of Apple, stated, "I think it's going to be horrendous. I think there are going to be a lot of horrible problems in the next five years."
But for all the concern about the security of the cloud, cloud computing is not less secure than traditional contracted systems operations and management. It is just a bit different and should be treated as such. Knowing who else resides on your cloud is critical, as they may have a higher threat profile and be more of a target, thus increasing your risks of collateral damage if they draw cyber fire and an outage or disruption results.
Businesses and government organizations that are moving toward cloud computing platforms and services need to be aware of and monitor existing and emerging cybersecurity threats. With the average cyberattack now costing just short of $9 million per incident (up 65 percent in the last year), planning a move to the cloud must include a security strategy that clearly articulates the risks, mitigation efforts and the overall cost of protection.
Indeed, cloud computing is all about the numbers. Some organizations find a fair amount of monetary reward in moving to the cloud, while others just can’t make the numbers work due to specific and unique requirements.
But security and cost are not the only challenges when it comes to cloud computing. Privacy, data ownership, cloud occupancy and operational integrity combine to complicate the decision to move to the cloud.
That said, we still have time to address cloud security issues before they become a major problem. Perhaps it would be best for all of us if we worked together and prove Steve Wozniak wrong. Proactively addressing cloud security challenges, rather than using the traditional reactionary approach, could mitigate most of the risks.
Kevin Coleman is a senior fellow with the Technolytics Institute, former chief strategist at Netscape, and an adviser on cyber warfare and security. He is also the author of "Cyber Commander's Handbook." He can be reached by e-mail at: firstname.lastname@example.org.