For as long as I’ve been hearing the term “Cloud Computing” the biggest concern has always been security, especially if you are handing the keys to the kingdom over to an external vendor, but I’m wondering if these concerns are overplayed to a large extent — and so is former US CIO Vivek Kundra.
The story goes if you want to secure your content, you need to keep it inside the confines of your firewall because anything less is exposing your precious data to outside forces. Now I don’t mean to minimize these concerns because certainly some companies, regulated industries in particular, have to keep these concerns top of mind, but are security concerns really valid?
It’s a question Kundra asked recently during an exchange with Salesforce.com CEO Marc Benioff at Dreamforce 11, Salesforce.com’s huge user conference. According to a report on CIO.com, Kundra, who has been a big advocate for cloud solutions in the government, belittled the idea that security was a reason to stay away from the cloud.
In fact, he sees the security argument as a red herring:
In other areas, what you get is a false choice; people erect these barriers around security and privacy, which in some ways are very unfounded. And the reason I think they’re unfounded and ridiculous in a lot of ways is because the United States government already has outsourced over 4700 systems.
And it’s a valid point. He goes onto suggest that these systems are often built by highly paid systems integrators — some of whom might have a lot at stake to spread FUD (fear, uncertainty and doubt) about cloud computing.
Yet how many private companies outsource many of their own services? How many companies for instance do their own payroll anymore? Even very small companies tend to outsource this kind of activity because it’s easier to have someone else do it. Yet that means these payroll companies have access to your employee’s names, addresses, salaries, social security numbers and a lot of other highly confidential information outside your firewall.
And yet we rarely if ever hear anyone getting up and claiming its crazy to outsource your payroll data because you could be compromising your employee’s privacy and crucial company information.
Heck, what better example of cloud computing is there than Salesforce.com. When it launched in the late 90s, did you think it would be common place a decade later to store your most important customer information on another company’s servers? Now thousands of companies, big and small, do just that.
My favorite cloud security story comes from the MIT CIO Conference in 2009. As I explained in a post on DaniWeb at the time, Rear Admiral Elizabeth Hight, vice director of the Defense Information Systems Agency fully embraced the cloud, and in fact described the first private cloud I had ever of at the time, used by military personnel in the field to access services they needed quickly and relinquish them when no longer needed.
What was interesting though was not just that the military was on the cutting edge of cloud computing, but that a drug company executive on the same panel complained the cloud wasn’t secure enough for her. As I wrote:
Panel moderator, Erick Brynjolfsson of the MIT Center for Digital Business did not miss the irony that the military, which requires perhaps the most secure network in the world was not afraid to engage in cloud computing, but the private sector company CIO claimed she was handcuffed by regulations around security.
The point being that 2 years later, we’ve come a long way, and cloud computing has matured remarkably quickly. Yet we are still being subjected to what Kundra sees as misleading arguments about security, and he may be right that it’s time to move on.