Posted by: Fohlhorst
CIO, Cloud computing, compliance
Bound by what they feel are overly strict compliance regulations, many companies are shying away from cloud computing services. On the surface, their reasons for this may appear to be sound. But when you drill down a little deeper, they may not prove so sound.
Organizations saying no to cloud computing services do so either based on misinformation or unverified assumptions. Put bluntly, these companies use compliance as an excuse to rationalize their fear of change. These irrational fears will likely come back to bite them, however, because surviving in today’s dog-eat-dog environment depends on embracing, not running from, new technologies.
The bigger issue here involves the word cloud. Once uttered, most compliance officers automatically associate the word with publicly available services routed across the Internet. But cloud does not need a concrete description to define it as an entity that can be accessed publicly. This is where many organizations are making a mistake. The fact is, cloud computing services can turn compliance pain to gain, although there are a few caveats.
First, going to the cloud doesn’t mean putting your databases into the ether. Cloud is just a catchall term for services that can be delivered other than through the traditional client/server model. For example, businesses can call something a private cloud that has no connectivity to the Internet, that can be used to create Web-based applications that replace their legacy apps and allows organizations to produce additional layers of auditable security.
Local, or private cloud-based applications can be designed to keep all data off PCs’ local hard drives. Taking this one step further, organizations can virtualize desktop systems and then deliver those systems to users on an internal network, still maintaining control over data flowing from the internal Web server to the user.
This trend bodes well for compliance officers because the user’s ability to toy with the data is severely limited. Companies such as Oracle, IBM and Microsoft are all beginning to tout the security advantages offered by private clouds for consolidating databases. preventing breaches and improving management of data.
The moral of this story is to not close the door on the cloud. Not until you have carried out due diligence by evaluating your current levels of security and thought through how a private cloud can actually give you better control of your data.
Frank Ohlhorst is an award-winning technology journalist, professional speaker and IT business consultant with more than 25 years of experience in the technology arena. He has written for several leading technology publications, including Computerworld, TechTarget, PCWorld, ExtremeTech and Tom’s Hardware, and business publications including Entrepreneur and BNET. Ohlhorst was also executive technology editor at eWEEK and director of CRN Test Center.