Hybrid Cloud Computing Security: Real Life Tales
Mixed IT infrastructures, including cloud and non-cloud systems, will be the norm at many companies for many years. Learn about key cloud security concerns and solutions from three early cloud users.
Wed, February 23, 2011
CSO — For all the talk about public clouds versus private clouds, many organizations will likely end up with a mixed IT environment that includes both types of cloud as well as non-cloud systems and applications--at least for a next several years.
Security remains a concern for many CIOs, but if the business case supports it, companies are going to move all but the most sensitive and high-risk data to the cloud. Those executives that have started weaving together cloud and non-cloud environments say they've taken steps to ensure that security is an early consideration, have included security provisions in service-level agreements (SLAs) and contracts, and have worked to maintain compliance and secure integration.
Also read 5 cloud security trends for 2011
Industry experts say that despite the well-publicized worries about security, the mixed IT environment will likely appeal to many organizations, particularly global enterprises.
"The hybrid cloud model makes a lot of sense in large organizations," says Janel Garvin, CEO of Evans Data, a market research firm in Santa Cruz, Calif. "As security concerns lessen, many might move more of their computing resources out to the cloud. But some may keep a hybrid model for years to come."
Outward-facing applications, such as collaboration, communications, customer-service and supply-chain tools, are excellent candidates for the cloud, Garvin says, while information such as financial and customer data is more likely to reside on-premise. "Most companies also feel that backup for storage and apps should still be kept internally, even if the data and apps reside in a cloud," she adds.
As recently as a few years ago, ventures into the cloud were mostly experimental, back-burner projects, not something to which companies would trust critical data, says Chris Silva, senior vice president of research and service delivery at IANS Research, an information security research firm. Today, "we're seeing a lot more things taking on a cloud flavor," Silva says.
A growing number of businesses are seeing value in services that provide increased processing power for busy times, such as holiday shopping seasons or financial reporting periods, Silva says. "This has moved from fringe activities to the mainstream."
Into the Cloud: The Business Case Rules
To be sure, some companies are still reluctant to use the cloud for customer and other sensitive data because they have security and regulatory compliance concerns. Nevertheless, businesses are forging ahead with cloud initiatives, and, as with other significant IT investments, decisions about whether to use the cloud and which services to adopt often come down to whether there's a strong business case.