Cloud Computing will only come of age “when Homer Simpson mentions it on The Simpsons". That was one of the mor startling conclusions from a discussion on Cloud Computing adoption in the public sector at an eForum seminar in Westminster this week.
The Homer-ic reference came from from Mark Pritchard MP, chairman of the all-party parliamentary group on cyber-security, who also somewhat wistfully compared Cloud Computing to the “discovery of another galaxy; stars beyond the stars.”
Nonetheless he adamanat that the future of Cloud Computing, unlike past technologies like ASP, was assured. “Cloud is here to stay,” Pritchard said. “The number of applications and benefits of Cloud Computing are timed, varied, and manifold. It opens up opportunities and pushes back boundaries. The desktop PC experience has broken free, and it’s particularly advantageous to a public sector with a squeeze on its resources.”
The debate in Smith Square also looked once more at some of the data protection issues surrounding Cloud Computing as it increasingly becomes adopted by companies and public sector organisations.
Tom Greenbank, a solicitor specialising in outsourcing and technology at law firm, Pinsent Masons, said companies and public sector organisations looking to adopt Cloud services should follow the same procurement procedures as they do in standard procurement deals. He argued ensuring the personal data of the UK population didn’t leave the European Economic Area was “difficult given the locations of the datacentres.”
Greenbank also pointed out that away from the Data Protection Act, there may be other requirements companies could adhere to regarding data, and warned organisations to take due diligence. “If your data is held in the United States, has the datacentre provider signed up to the Safe Harbor Agreement?” he said, citing the US-EU agreement allowing American companies to comply with European data protection laws.
“There’s an obvious disconnect,” argued Rik Ferguson, senior security advisor at Trend Micro. “When it comes to Cloud adoption, the major barrier to CIOs – certainly in this country – is security. Surveys have revealed that three-quarters of CIOs cite security as the main barrier to the Cloud. But if you look up Cloud services on Wikipedia, security is cited as one of the major benefits of Cloud Computing.”
Ferguson explained that much like the word ‘Cloud’, security has different meanings to different customers. “When it comes to executives,” he says, “security is about control and accountability. The problem is when we consume Cloud services, we outsource substantial control – but we don’t, and can’t, outsource accountability That’s the reason why it becomes a barrier.”
The Cloudy seas
Dealing with data protection and security in the Cloud is something that faced the Royal National Lifeboat Institution (RNLI) when it launched its Sea Safety Programme. Explaining the system was Peter Bradley, staff office operations at the RNLI, and Richard Prodger, technical director at Active Web Solutions.
The Sea Safety Programme is currently being rolled out across the UK’s fishing fleet, enables the RNLI and HM Coastguard to locate vessels in distress or people in ‘man overboard’ situations’. The two explained that resilience, security, and cost were the three main factors at the forefront of the institution’s thinking.
The system is a hybrid model of Cloud and on-premise-based architecture, with the Cloud-based part of the system (supported by Microsoft’s Windows Azure) is used to provide both scalability and reliability; in fact, they astonishingly confirmed the system would remain online, even if the whole of the UK was cut off from the internet. Bradley confirmed that, “information stored on the Cloud is in no way attributable to an individual” and that “as far as information security is concerned, that’s handled by digital encryption.”
John Colley, a 19 year veteran of information security and current MD of (ISC)2’s EMEA operations, argued for a change in attitude by those in the data security sector. “When you talk about Cloud Computing to an information security department, the say the sky has fallen in, and they hit the panic button,” he commented. “They don’t know how to secure it, who to trust, or what is the risk to the business.”
Cynically, Colley stated departments inevitably went away to write a policy, in which they recommended “don’t under any circumstances use it.” He noted: “We’ve seen that with the internet; we’ve seen that mobile phones; we’ve seen that with wireless internet, and we’re seeing it with the Cloud.”
Colley warned that since the business case for Cloud Computing was so overwhelming, “it will happen with, or without, the blessing of the information security department.” He outlined that it was the department’s role to ensure, “how to make it happen securely, work out how to minimise the risk, and ensure there’s an understanding of both sides of the risk/benefit equation.”
Beyond the usual considerations surrounding a migration to Cloud services, such as data security, resilience, and contingency and recovery, Colley argued businesses should be more aware about other things. “How do you carry out computer investigations and computer forensics over the Cloud?” he pondered, before pointing out companies should also ask who should be authorised the Cloud platform within their business? How is that access controlled and monitored, and how do companies stop the rogue use of services in the first place?
“The way forward,” argued Colley, “is to change the information security department’s mindset. Concentrate on the how to, and don’t waste time on the why not. Concentrate on the ‘people issues’ or educating them to understand the Cloud, and finally trust people – but verify they’re doing the right things.”
re: [edit]
Posted by Anonymous on Tue, 27/09/2011 - 04:15I’m impressed. Very informative and trustworthy blog does exactly what it sets out to do. I’ll bookmark your weblog for future use.
Joseph
www.joeydavila.com
Your online Library
Post new Comment