“I sleep like a baby – I wake up every three hours and cry” that's how Eran Feigenbaum likes to describe an IT manager worrying about his network security. It's not a pretty sight but unfortunately the Director of Security for Google Apps does have a point.
However, Feigenbaum reckons that there is a remedy at hand to soothe their frayed nerves. That remedy is cloud computing which he says should help many a IT manager and CIO get a good night's sleep .
Feigenbaum was in Australia last week explaining what Google Apps has to offer large enterprises. Security is one of the biggest factors when businesses of all sizes consider using cloud computing services and Feigenbaum says that the real challenge when it comes to selling the cloud to enterprises is clearing up the misconceptions about businesses losing control, ownership and access to their data.
None of these issues are true as far he is concerned.
“Data can be as secure, if not more secure, than what most organisations are doing,” he says. “ Google has close to three hundred security professionals and most companies don’t have those economies of scale.”
The recent warning of state sponsored attacks against gmail users is an example of where larger cloud services like Google have the scale to identify widespread threats and the resources to respond to them. Most companies, even governments, wouldn’t realise attacks on individual accounts are part of a larger pattern.
The idea that because the servers belong to the business they are more safe and secure is probably one of the greatest fallacies. “Most organisations don’t know what security vulnerabilities they have in their existing environment and those are the ones who are prime for the cloud.”
A good example of that is last year’s data breach at Telstra where the Australian Communication and Media Authority found “a little oops” exposed nearly 750,000 customer records to the public.
The country where data is stored is another misconception, “from a regulatory and compliance perspective,” says Feigenbaum, “it’s not so much where the data is physically located but how it is protected and who has access to it.”
Disaster recovery is one of the areas where the ‘in country’ view comes unstuck as Japanese organisations found after the 2011 earthquake and tsunami where many organisations found having data centres in one region was a critical weakness.
“Since then Japan has been one of the geographical areas with the largest uptake into our cloud.” The main reason being Google’s policy of sharing data around non “shared fate zones” so a earthquake in California or Japan won’t affect services that are also hosted in East Asia or Europe.
Despite the benefits of cloud computing, there are some risks looming for the cloud computing industry, “not all cloud computing companies are created equal” says Feigenbaum who sees plenty of smaller providers that haven’t the resources to commit to dealing with the constant threat of software patches and attacks that are the normal day to day life of a system administrator.
So what should companies look for when considering a cloud services? Eran thinks executives should look at the service’s history, the details of security and not just taking the service’s word for how they conduct their security.
Most cloud computing companies, including Google, are reluctant to let outsiders look into the structure of their services and instead preferring to be independently audited against international standards. Having those accreditations is becoming essential for enterprise cloud providers.
A service’s history is a useful guide for how a cloud provider deals with problems and outages, the more transparent they’ve been in the past about potential security breaches is a good guide to how reliable and trustworthy they will be.
In the next couple of years we won’t be having this conversation asking ‘is the cloud more secure?’ it’s going to be ubiquitous and people will see this” says Feignbaum.
Hopefully that will also mean that CIOs and IT managers will be sleeping a lot more soundly at night.
Paul Wallbank is a business technology writer, broadcaster and blogger and author of eBusiness: Seven Steps to Online Success. Read more of Paul's thoughts here.