Are clouds fundamentally less secure? A story today in the Guardian lists cloud security as one of the things we’ll worry about in 2009, citing a recent survey commissioned by — big surprise — security companies.
I don’t believe that clouds themselves will cause the security breaches and data theft they anticipate; in many ways, clouds will result in better security. Here’s why:
- Fewer humans – Most computer breaches are the result of human error; only 20-40 percent stem from technical malfunctions. Cloud operators that want to be profitable take humans out of the loop whenever possible.
- Better tools – Clouds can afford high-end data protection and security monitoring tools, as well as the experts to run them. I trust Amazon’s operational skills far more than my own.
- Enforced processes – You could probably get a co-worker to change your company’s IT infrastructure. But try doing it with a cloud provider without the proper authorization: You simply won’t be able to.
- Not your employees — Most security breaches are committed by internal employees. Cloud operators don’t work for you. When it comes to corporate espionage, employees are a much more likely target.
So where are the risks?
“The potential exists for security challenges like data breaches, data intermixing with other vendors, and exposure to security vulnerabilities that [enterprises] may not be exposed to in the infrastructure they own and manage,” John Pironti, chief information risk strategist at Compucom, told me.
With any new technology, there are bound to be exploits we haven’t thought of. But they’re more likely to be part of the management tools used to transfer and modify cloud data, as well as remote tools used to access applications in the cloud, than the clouds themselves.
There are real reasons to be careful when moving your data into a cloud. But be sure you’re worried about the right things. Otherwise you risk looking like a panicky server-hugger who wants to sleep with a copy of your data under your pillow.