Is there a correlation between the decision of adopting cloud technologies and the confidence on the security assurance on the cloud ?
Cloud computing is still a young technology. By consuming cloud services is important to recognize the dangers and potential risks facing us, as with any new or existing IT investment. The security concerns, questions about the maturity of the supplier in an industry in its infancy, reliability, and regulatory issues are topics that are of the concern of those professional making decisions regarding the adoption of this new technology. What studies have been performed to quantitatively define the relationship the adoption of cloud technologies and the levels of confidence on systems security?
“ Confidence in cloud computing providers will increase as security standards are created and adopted.” To properly evaluate existing literature against this hypothesis, the following definitions must be established:
- Confidence: a feeling of assurance or trust in a person or thing.
- Cloud providers: Brad Smith define this as “A service provider that offers customers storage or software services available via a private (private cloud) or public network (cloud). Usually, it means the storage and software is available for access via the Internet.” (Smith, 2010).
- Security Standards: According to John Daintith and the Dictionary of Computing this can be defined as “A set of security features to be provided by a system before it can be deemed to be suitable for use in a particular security processing mode, or in accordance with a generalized security policy.” (Daintith, 2004).
In 2009, the Information Systems Audit and Control Association performed survey over 1,500 professionals across 50 countries, in order to measure the relative immaturity of cloud computing usage and the uncertainty of the balance between risk and reward. This survey revealed that:
- 9.4% of respondents plan to use cloud computing for mission-critical IT services.
- 8.8 % will only use the cloud for low-risk, non-mission-critical IT services.
- 35.6% do not plan to use the cloud for any IT services.
- 28.2% were not aware of any plans for cloud computing.
- 12.1% would take large risks to maximize business return.
- 61% of reported that they believe the biggest risk to their organizations is failing to protect confidential data.
A similar study was appointed by Art Coviello, Executive Vice President of EMC Corporation. During a key note message during the RSA Conference 2010, he cited a recent survey conducted by CIO magazine that stated 51% of IT chiefs in the USA, were unwilling to adopt cloud computing because of security issues.
The industry needs to deliver solutions that ensure levels of protection in the cloud would surpass what physical environments are providing today. “Security needs to be embedded in the virtual layer and practitioners need to shift from safeguarding the enterprise architecture to adopting a posture of information-centric protection.” (Coviello, 2010).
Another survey conducted by IEEE/CSA in 2010, revealed that IT professionals are concerned and recognize the importance and urgency of cloud computing security standards.
- 44% responded that are already involved in cloud computing projects.
- 93% considered the need for cloud computing security standards as important.
- 82% percent said the need is urgent. Data privacy, security and encryption comprise the most urgent area of need for standards development.
“It’s clear from this survey’s findings that enterprises across sectors are eager to adopt cloud computing, but that security standards are needed both to accelerate cloud adoption on a wide scale and to respond to regulatory drivers” (Reavis, 2010).
Sources
Reavies, J. 2010. Enterprises eager to adopt cloud computing,
but regulatory requirements demand security standards compliance. In Survey By IEEE And Cloud Security
Alliance Details Importance And Urgency Of Cloud Computing Security Standards.
(San Francisco, California, United States, March 1, 2010). IEEE Press
Release. IEEE Computer Society Press, Los Alamitos, CA, 29-30.
Smith, B. 2010. Building Confidence in the Cloud. In A Proposal for Industry and Government
Action for Europe to Reap the Benefits of Cloud
Computing. (Brussels, Belgium, January 4, 2010).
International Conference on EU Digital Market. Microsoft Press. Seattle, WA,
11-20.
Coviello, A. 2010. Securing
the Path to Virtualization and the Private Cloud from the Desktop to the
Datacenter. In Proceedings of RSA 2010
Security Decoded Conference (San
Francisco, California, United States, March 1, 2010). International Conference
on Computer Security. EMC-RSA, Inc. Boston,
MA, 34-35.
Daintith, J. (2004, January 1). Online Dictionary of Computing. Retrieved on May 6, 2010, from
Webopedia.com website:
http://www.webopedia.com/TERM/s/security.html.
No hay comentarios:
Publicar un comentario