Story image

Year of the cloud

01 Jan 2011

During the course of 2010, most people would have heard the term ‘Cloud Computing’ at one stage or another. Some of us have a clear understanding of what this term means, whereas others are still grappling with this meteorological metaphor which refers to a class of technology destined to change lives forever.Perhaps that last sentence was laying it on a little thick, but there is no doubt that benefits exist if you look for them. Below is a brief summary of the pertinent ‘cloud’ concepts before we delve into some of the security concerns still inherent when engaging with this technology paradigm. In ‘Cloud Computing’, users rely on another party to provide access to remote machines and software, whose whereabouts are neither known nor controllable by the user.Cloud Storage – is the scenario where a business stores and retrieves data from a data storage facility via the internet.Software as a Service (SaaS) – is the scenario where applications are run on a SaaS provider’s system and accessed by a customer, usually through a web browser.Cloud Infrastructure/Platform – is the scenario where the provider operates the whole computing platform or operating system for the customer which is accessed via the internet. Applications can then be run on the cloud platform/operating system in conjunction with utilising cloud storage.Although this technology provides great opportunities to introduce efficiencies and reduce costs, its success has always been hampered by lingering security concerns. The three issues most often raised by SMEs include concerns around data protection, data location and access to data. Whenever data protection is raised as a concern, cloud vendors will refer SMEs to the service level agreements (SLAs) and provide assurance that best practices are being adhered to. The real test of a vendor’s confidence, however, is their willingness to take responsibility for any losses experienced by the SME as a result of a breach.The location of your data is a valid concern due to the fact that cloud vendors often outsource data storage or use distributed, global data centres. How comfortable can a user be that they are complying with the data protection laws in their own country and the country where the data resides?Who has access to your data? How does the cloud application handle user account creation, deletion and management? How does it manage the access and permissions granted to user accounts? These are valid concerns, as cloud services place a surfeit of valuable data from thousands of users in a single place, and access controls should be stringently applied. The level of rigour afforded to check employment history and individual integrity may result in your data being accessed by less-than-savoury individuals who do not have an allegiance to your organisation’s well-being. Any privacy discussion related to cloud computing acknowledges that most forms of cloud computing are in their infancy, and that immature technological structures are the order of the day.Whether an SME outsources basic data storage services or utilises the entire platform offering, the consequences of a breach cannot be outsourced and therefore the responsibility for securing the data in question remains an obligation the SME has to address. Businesses interested in utilising cloud computing products must ensure they are aware of the privacy and security risks associated with using the product and take those risks into account when deciding whether to use it, especially if other individuals’ personal information is contained within the data. These security concerns are, however, no different from those that businesses have been facing for many years. The only change is in the delivery model of the services. It’s arguable that if a business takes its security seriously, the data may be just as safe in the cloud as if it were handled in-house; possibly more secure. The difference, however, is in the level of control that a business can exert to guarantee that security is maintained.So if the migration of services to the cloud is a topic of conversation in your business, ensure that the requisite due diligence is performed, levels of service and assurance are defined, expectations clarified, and that security measures appropriate for your data are presented in a transparent manner throughout the vendor-client interaction. Ask to see software development procedures and policies, security testing policies, vulnerability disclosure policies and update schedules.Hopefully this year’s mantra will be "2011 – Year of the Secure Cloud”. 

How Dell EMC and NVIDIA aim to simplify the AI data centre
Businesses are realising they need AI at scale, and so enterprise IT teams are increasingly inserting themselves into their company’s AI agenda. 
Orange Belgium opens 1,000 sqm Antwerp data centre
It consists of more than 500 high-density 52 unit racks, installed on the equivalent of 12 tennis courts.
Time to build tech on the automobile, not the horse and cart
Nutanix’s Jeff Smith believes one of the core problems of businesses struggling to digitally ‘transform’ lies in the infrastructure they use, the data centre.
Cloud providers increasingly jumping into gaming market
Aa number of major cloud service providers are uniquely placed to capitalise on the lucrative cloud gaming market.
Intel building US’s first exascale supercomputer
Intel and the Department of Energy are building potentially the world’s first exascale supercomputer, capable of a quintillion calculations per second.
NVIDIA announces enterprise servers optimised for data science
“The rapid adoption of T4 on the world’s most popular business servers signals the start of a new era in enterprise computing."
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Storage is all the rage, and SmartNICs are the key
Mellanox’s Kevin Deierling shares the results from a new survey that identifies the key role of the network in boosting data centre performance.