View From Above

Sep 14 2011   9:34AM GMT

Are Cloud Security Concerns Overplayed?

Ron Miller

For as long as I’ve been hearing the term “Cloud Computing” the biggest concern has always been security, especially if you are handing the keys to the kingdom over to an external vendor, but I’m wondering if these concerns are overplayed to a large extent — and so is former US CIO Vivek Kundra.

The story goes if you want to secure your content, you need to keep it inside the confines of your firewall because anything less is exposing your precious data to outside forces. Now I don’t mean to minimize these concerns because certainly some companies, regulated industries in particular, have to keep these concerns top of mind, but are security concerns really valid?

It’s a question Kundra asked recently during an exchange with CEO Marc Benioff at Dreamforce 11,’s huge user conference. According to a report on, Kundra, who has been a big advocate for cloud solutions in the government, belittled the idea that security was a reason to stay away from the cloud.

In fact, he sees the security argument as a red herring:

In other areas, what you get is a false choice; people erect these barriers around security and privacy, which in some ways are very unfounded. And the reason I think they’re unfounded and ridiculous in a lot of ways is because the United States government already has outsourced over 4700 systems.

And it’s a valid point. He goes on to suggest that these systems are often built by highly paid systems integrators — some of whom might have a lot at stake to spread FUD (fear, uncertainty and doubt) about cloud computing.

Yet how many private companies outsource many of their own services? How many companies, for instance, do their own payroll anymore? Even very small companies tend to outsource this kind of activity because it’s easier to have someone else do it. Yet that means these payroll companies have access to your employees’ names, addresses, salaries, social security numbers and a lot of other highly confidential information outside your firewall.

And yet we rarely if ever hear anyone getting up and claiming it’s crazy to outsource your payroll data because you could be compromising your employees’ privacy and crucial company information.

Heck, what better example of cloud computing is there than When it launched in the late 90s, did you think it would be commonplace a decade later to store your most important customer information on another company’s servers? Now thousands of companies, big and small, do just that.

My favorite cloud security story comes from the MIT CIO Conference in 2009. As I explained in a post on DaniWeb at the time, Rear Admiral Elizabeth Hight, vice director of the Defense Information Systems Agency, fully embraced the cloud, and in fact described the first private cloud I had ever heard of at the time, used by military personnel in the field to access services they needed quickly and relinquish them when no longer needed.

What was interesting though was not just that the military was on the cutting edge of cloud computing, but that a drug company executive on the same panel complained the cloud wasn’t secure enough for her. As I wrote:

Panel moderator, Erik Brynjolfsson of the MIT Center for Digital Business, did not miss the irony that the military, which requires perhaps the most secure network in the world, was not afraid to engage in cloud computing, but the private sector company CIO claimed she was handcuffed by regulations around security.

The point being that 2 years later, we’ve come a long way, and cloud computing has matured remarkably quickly. Yet we are still being subjected to what Kundra sees as misleading arguments about security, and he may be right that it’s time to move on.

1  Comment on this Post

  • TomLiotta
    "Security" has two somewhat different aspects. First, there is the 'security against encroachment' aspect. This is where concerns over privacy and disclosure mostly come into it. You don't want unauthorized access to sensitive or confidential data, so you secure the data. Second, there is the 'security against loss' aspect. This is data as a valuable asset. A lot of data can be recreated simply by hiring a bunch of clerks and paying them to type for many hours, days or weeks. But that's costly, and the data can't be fully utilized until the job is finished which can severely reduce income opportunities. So, there is the security of an impregnable safe to which only you know the combination. And there is the security of the warm, fuzzy blanket that lets you sleep easily at night. A lot of cloud security concerns arise from the 'secure against loss' aspect. How do you know the data will still exist when you go looking for it tomorrow? Various service outages from well known service providers can increase uncertainty. Keeping the dual aspects of "security" in mind helps us understand some concerns that aren't always at the forefront of thought.
