Why are Businesses Reluctant to Make the Move to the Clouds?

By now we know that the name cloud computing comes from the cloud symbol that represents the Internet in flowcharts and diagrams. It’s everything that happens “out there” somewhere, and those services are divided into three main categories:

  • Infrastructure-as-a-Service (IaaS)
  • Platform-as-a-Service (PaaS)
  • Software-as-a-Service (SaaS)


Let’s focus on the infrastructure because it’s at the bottom of the “stack,” and the main building block for many PaaS and SaaS solutions.  IaaS provides on-demand, system-level capabilities for IT architects and developers to take advantage of a complete computing environment?core network, systems, storage, and other computing resources to deploy and run essentially any software in the stack from the operating system up. The consumer doesn’t own any of the physical infrastructure but has access to an unlimited amount of computing and storage space in a virtualized environment with a pay-as-you-grow pricing model. Sounds amazing! So, why are many in IT reluctant to use IaaS?

Forrester conducted a survey of enterprise and small-to-medium businesses at the end of last year to find out why firms aren’t interested in pay-per-use hosting of virtual servers. According to Frank Gillett, VP and Principal Analyst at Forrester Research, “The top reason people don’t use IaaS is still security.” The following graphic shows the results of the Forrester survey.

A June 2010 report from the Aberdeen Group states that, “Concerns about assuring the confidentiality, integrity, and reliability of sensitive data are in fact the leading inhibitors to faster enterprise adoption of cloud computing. In a very positive sense, the marketing hype about cloud computing has elevated attention on IT security as a critical enabler for the successful journey to cloud-based computing services, both public and private.”

So, you might ask the question…

How Do I Know Whether a Cloud Environment is Secure?

Here are some things to consider and questions to ask.

A reputable cloud provider should provide an enterprise-grade service with data protection features encompassing:

  • physical security
  • network security
  • distributed denial of service (DDoS) defense
  • intrusion detection
  • firewall management
  • access controls
  • preemptive intelligent security that knows and can respond to security threats before attacks occur

In addition to the basic security, knowing where your data is stored can be critical. The nature of cloud computing means data could be spread over many servers in many geographical areas, including other countries or continents. You will need confidence that your data is kept logically separated from other user data or, in the case of some policies or regulations, that the data is stored, or the services delivered, only in your country.

Questions to ask:

  • Are data centers secure and redundant?
  • Does the provider offer secure VPN connection or dedicated private network connectivity?
  • Can encrypted data be stored?  If your application will be accessed via the public internet, can your data be encrypted, and how is that encryption handled?
  • How quickly can the provider perform complete restoration?
  • Can the security and policy controls be customized to your individual or organizational needs, or must you conform to a one-size-fits-all model?
  • Is the provider transparent on their security methods and programs?
  • How stable is the company? Will your data be secure in the event a larger company buys your provider? What happens if they go out of business?

Anyone considering using cloud services should review the Cloud Security Alliance Controls Matrix (CM), which provides fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.  Security is a critical enabler for the successful journey to cloud-based computing services, but the sky is the limit when you reach for the clouds!

Do you agree that the hype around cloud security is good for IT overall?
Is it an unforeseen benefit of cloud computing? Share your thoughts.
The Networking Exchange Blog Team About NEB Team