Rich Boswell, EquaTerra Project Director
Recently an analyst from a well known research firm published an article stating that “cloud security is better than what you have today.” In it the analyst bases his argument on customers trusting cloud providers like ADP and Salesforce.com with sensitive information, so why not just trust cloud providers and plan on moving it all to cloud?
ADP and Salesforce.com are business process outsourcing (BPO) providers who accept responsibility for security risks, rather than pure cloud computing providers like Rackspace, who do not. ADP starting out processing payroll manually, then moved to punched cards in the 1950’s, and it evolved from there to what it is today. Customers don’t know or care if ADP is run internally on a cloud-based environment. Even if it is, is there any real difference from a customer prospective on internal cloud versus a traditional virtualized infrastructure?
In pure shared cloud computing, like Rackspace’s infrastructure and platform services, one must trust the provider’s physical controls, their hiring and vetting processes for data administrators and network administrators who can access customer data, their technical security controls for network and data access, and so on. Customers must give up security functions like the ability to delete old files from shared backups, wipe file space clean, shred hard drives and audit log files.
According to this analyst, “…if the workload can move from this data center to that data center, heck we might as well just move it to Amazon.” Don’t believe it. Take a closer look at the underlying solution and provider first.
For more from EquaTerra on cloud computing and how to get started, visit www.equatera.com/cloud.