We are witnessing the large-scale industrialization of data centers operated by various enterprises, and the concerns of CIOs around cloud computing have to be very clear. To understand cloud computing, the CIO has to know about its cost and flexibility and should have an idea of what is happening to the data: where it went, who accessed it and how it can be secured. The cloud providers don’t have all the information on these questions. It is sometimes unfortunate that CIOs consider moving their mission-critical systems to the public cloud without knowing the specific requirements of enterprise cloud systems. With the public cloud, the only recourse is what is written in an SLA, and money-back guarantees are very far from the level of assurance that an enterprise CIO needs.
Let’s look into the concerns of CIOs around cloud computing:
Security: Security is a function of the talent of the security professionals who lock down workloads and data, whether in the cloud or not. However, these days the security services found in public clouds are more advanced than what many enterprises can afford on premises, and they are much easier to implement. That’s why security is typically better in the public cloud.
Availability: The question is how a public cloud model can deliver performance as reliable as that of enterprises owning their own data centers. Consider how the earthquake and subsequent tsunami in Japan made the banking community realize that having a main data center in Tokyo with a backup in Yokohama, just 50km away, wasn’t such a smart idea. Contrast that with the latest object-store solutions that provide multi-continent, multi-data-center storage redundancy and availability. It is here that certification can play a key role, as it makes it possible to analyze and correlate the risks.
Confidentiality: Since IBM’s Craig Gentry announced his Fully Homomorphic Encryption (FHE) scheme, there has been intense research in the academic community to build something practical. FHE implies that you can store encrypted data in the cloud using encrypted applications and the data never needs to be decrypted, even in memory. Indeed, the results only need to be decrypted locally when an authenticated end user needs to view them, thereby removing any possibility of the cloud operator or an outside attacker breaching the confidentiality of the data.
Integrity: Integrity is one element of the security triad and can be addressed with Keyless Signature Infrastructure (KSI), which provides a mechanism for CIOs to dynamically attest that their systems and data are in a clean, unmodified state in real time and to act when an unauthorized modification is detected. It also keeps the public cloud administrators honest – everything that happens in the cloud environment can be verified independently. When something goes wrong, there will be forensically auditable evidence to prove what happened.
Regulatory compliance requires enterprises to prove the integrity of their archived data, spending as much as $10,000 per TB for hardware-based solutions. Now this can be done in software in a public cloud at a small fraction of the price.
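The independent verification described under Integrity rests on hash trees. The sketch below is an added illustration, not code from this article and not the KSI protocol or its API: the enterprise keeps only a root hash, and any archived object returned by the cloud must come with a proof that recomputes to that root. The record contents and function names are constructed for the example.

```python
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf(record: bytes) -> bytes:
    # Prefix bytes separate leaves from interior nodes, so one cannot pose as the other.
    return _h(b"\x00" + record)

def node(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)

def build_levels(records):
    """Return every tree level, leaves first; an unpaired node is promoted unchanged."""
    if not records:
        raise ValueError("cannot build a hash tree over zero records")
    level = [leaf(r) for r in records]
    levels = [level]
    while len(level) > 1:
        level = [node(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def proof_for(levels, index):
    """Sibling hashes from leaf to root, tagged with the side the sibling sits on."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling at this level
            proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof

def verify(record: bytes, proof, root: bytes) -> bool:
    """Recompute the root from one record and its proof; any change breaks the match."""
    acc = leaf(record)
    for side, sibling in proof:
        acc = node(sibling, acc) if side == "L" else node(acc, sibling)
    return acc == root

# Constructed sample archive; in practice each entry would be a file or log segment.
ARCHIVE = [b"invoice-2023-001", b"invoice-2023-002", b"audit-log-q1",
           b"contract-v3", b"backup-manifest"]
LEVELS = build_levels(ARCHIVE)
ROOT = LEVELS[-1][0]  # the only value the enterprise must keep outside the cloud

if __name__ == "__main__":
    p = proof_for(LEVELS, 2)
    print("untouched record verifies:", verify(ARCHIVE[2], p, ROOT))
    print("modified record verifies: ", verify(b"audit-log-q1 (edited)", p, ROOT))
```

Only `ROOT` needs to be stored or published outside the provider's control; the proofs themselves can live in the cloud next to the data, because a forged proof will not recompute to the retained root.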
The Road Ahead
The best CIOs will use their influence to help the business overcome the challenges in the cloud. Rather than being the point of contact for all IT decisions, CIOs will use their knowledge to help the business exploit the technology investments it makes. Successful CIOs of the future will be customer-centric executives with an expertise in governance and an obsession with creating inherently safe products and services.