Many companies are now seeing the benefits of cloud computing: cost savings, increased network accessibility and improved scalability, to name just a few. But cloud security issues, compliance and privacy are increasing concerns.
The Cloud Market Maturity study, a joint survey released by the Cloud Security Alliance and ISACA last month, revealed that government regulations, legal issues and international data privacy are among the top 10 areas ranked by respondents as “low confidence” when it comes to the cloud.
These concerns were echoed during the recent “Cloud 2.0” panel discussion held in Waltham, Mass., last week. Among the panelists was Judy Klickstein, CIO at Cambridge Health Alliance, who said that, ideally, the cloud provides the means to offer services to her company’s users in a very cost-competitive, secure environment. It’s that “secure environment” part that creates concern for organizations currently moving to the cloud — especially those in the health care field, Klickstein said.
“We have an obligation, and a duty, a judiciary responsibility at our organization to make sure that somebody’s personal information does not get hacked, stolen, shared or sent to the wrong place,” Klickstein said. “As part of that, there’s an enormous array of federal and state regulations guiding everything about what happens to you if you really screw it up.”
When these regulations are violated, it triggers a loss of patient trust, as well as severe financial penalties, Klickstein said. As a result, Cambridge Health Alliance is very conscious of these cloud security issues when working with providers, and looks closely to see how reliable and secure the platform is.
And, of course, alleviating these data security, privacy and compliance concerns more than likely will not come cheap. Even with the numerous benefits of the cloud, choosing which platform is best is still, ultimately, a business decision — and is treated as such.
“If the cloud was providing me with all the things that I feel we have to have for controlling my data center and my environment and they can do it more cheaply, that would be a terrific thing,” Klickstein said. “If there is a risk of doing that and it’s going to cost me three times as much, then do the math.”
Speaking of cloud-related business, a recent blog post from Fidelity.com examined the possible investing possibilities when it comes to the cloud. While the bloggers state that there are many investment opportunities, there are still many questions around cloud security issues. Successful investing in cloud computing will require a thorough understanding of the technology and any potential regulatory issues that may surface, they added.
The phrase “potential regulatory issues” is interesting. One has to wonder, with increased cloud use, if we’re one major cloud security breach away from government-induced, cloud-specific regulations. After all, these regulations are usually not on the horizon until something goes wrong. It’s good that at least some companies are paying attention, and being proactive about the potential cloud security issues before they arise.