Richard Kemp comments in Tech Radar Pro: Can multinationals trust the cloud with precious corporate data?
Should corporations be wary of the cloud?
Cloud computing is elastic IT. Whether scaling-up or upgrading, the size of a company’s infrastructure can now be changed in seconds by relying on a cloud provider having spare capacity in its data centres. However, put all of your data in the cloud and slow and unreliable connections can be a giant drawback. Add the worry that cloud-based corporate data might not be safe from cyber-attacks, and the cloud can begin to lose its shine. For a company that works across the globe, the cloud might be convenient, but it continues to represent a conundrum. Can multinationals trust the cloud?
The cloud has much to offer multinationals, not least an instant infrastructure of the kind that businesses just a decade ago would have dreamed of being able to access on-demand. “The cloud offers flexibility in that a company can offer a service prior to purchasing all the hardware needed, as in the pre-cloud days,” says Dr Kevin Curran, Technical Expert at the IEEE.
“The beauty of the cloud is that it can instantly meet the demand due to the large capacity of the provider’s remote servers, and this will continue to allow companies to estimate costs more predictably as they can incrementally add on services when needed, and when resources allow.”
Put simply, the cloud offers multinationals instant global infrastructure.
Can the cloud save the planet from capitalism? Many believe that a collective reliance on the cloud by businesses will also lead to a lower collective carbon footprint. Instead of 100 companies all going for the same market, and often over-provisioning their IT, the cloud means that companies will buy less hardware – less servers and other IT equipment – and move to renting capacity as and when they need it. Each time a multinational signs a new service contract anywhere in the world, it can rent more space in a data centre. The cloud offers impressive efficiency and scalability. So what are the drawbacks?
“The perceived weakness in the cloud at the moment is security,” says Richard Kemp, founder Kemp IT Law. “Governments like the UK are investing significantly in a structured approach to cloud adoption to speed its uptake in government departments.” He explains the UK’s three-pronged approach: First, effective data classification, to determine what data is suitable for the public sector cloud, and secondly, substantive security requirements – typically based in international standards like the ISO 27000 family – then thirdly, process requirements – for accreditation, auditing, and reporting.
The UK: a model cloud?
Calling the UK’s structured, standardised approach thus far ‘exemplary’, Kemp thinks that it could act as a pathfinder for other countries who don’t want to reinvent the wheel, want to keep flexibility, and want to give their citizens the benefits of the cloud. “As cloud take-up grows, the big cloud providers like Microsoft, Google, Amazon and IBM are investing hugely in security,” he says. “It’s possible in time that this will throw the spotlight back on on-premise IT security – a reality today is that the cloud is generally a much more secure IT environment than on-premise at many organisations.”
Is the cloud safe?
In terms of data breaches, don’t underestimate how far the cloud has come in recent years. “There’s a potential irony in multinational companies having concerns about security in the cloud, when in certain circumstances a move to the cloud can create the opportunity to upgrade security,” says Alan Hartwell, vice president security & identity solutions, EMEA at Oracle. “New cloud data centres often have in-built protocols around encryption and the application of privileged access controls to enable companies to assess whereabouts on the spectrum of risk that pieces of data sit.”
What if the cloud closes?
The cloud isn’t forever, and multinationals should be aware of instances where cloud providers go bust. It’s happened before, with 2e2 shutting down in 2013. “They asked customers for £1 million (around $1.6 million, or AU$2.1 million) if they wanted uninterrupted services and access to their data centre facilities,” says Curran. “Of course, most wanted to access their data immediately so that they could migrate the data and applications to another service provider, but the company stated that the process could take up to 16 weeks.”
The fee demands were planned to cover employee costs, utilities, carriers, rent, rates, administration and other central expenses, including legal costs and administrators’ fees. “This may be unusual in that customers had to pay in order to get data out,” says Curran. “In other cases where cloud providers were going out of business, customers were notified and given adequate time to transfer their data elsewhere.”
Either way, multinationals who have a hard time trusting the cloud have only one option; keep a backup.
Always keep a backup
What the cloud is presumed to offer – permanence – and what cloud providers actually offer are somewhat different. In their terms and conditions, most cloud services state that the user is responsible for backing up their data, and that the provider isn’t liable for any loss or corruption of data. “Your cloud backup is not the backup,” says Curran. “In other words, you really should treat it like any other data location, which should be backed up elsewhere. It may be the host backup but should never be the only one.”
Any multinational looking for cloud provision should ask questions. How long has the cloud service provider been in business? Do they provide backup services to companies that are similar in terms of vertical market, size and scope?
“Look for clauses that allow them to review your charges when they themselves are faced with a substantive change, such as if the government changes VAT rates,” says Curran. “Other clauses may be related to increases due to energy prices rising.” It’s also worth detailing in a contract with a cloud provider that the user can review its position and leave with sufficient notice in the event of a change in the status of the provider, such as a buy-out.
Data duplication and destruction
As well as avoiding accidental data breaches, deletions and other critical business issues, multinationals must remember that data can be backed up too much. “Multinationals will need to pay more attention to cloud security as legal repercussions creep in alongside the increase in big data,” says Curran. “Multinationals with large data sets due to the multi-tenant nature of a cloud platform should pay extra attention to the data lifecycle phases, and ensure that aspects such as data destruction is provided, and auditable, as part of the service.”
Any multinationals allowing confidential datasets to remain outside the company network should examine how they can robustly protect that data. “The answer can be simply a layered security strategy,” says Curran. “The core principle to be followed here is the encryption of data.”
Efficiency vs encryption
Cloud computing is now how business does business, and that’s not going to change. “The cloud is to computing what the grid was to electricity generation in the 1920s and 1930s – soon, people won’t recall the time when they didn’t flick the switch to get access to computing as they do for power,” says Kemp. “The cost benefits and efficiencies from 1,000,000 sq ft, 100,000+ server, billion-dollar investment data centres are unanswerable.”
However, only with encryption and a robust yet nuanced policy towards different datasets can the cloud be truly trusted – and properly exploited – by multinationals.