The Challenges of Security in the Cloud
A recent story in Bloomberg revealed that companies in the U.K. and Canada are apparently starting to add new language to their cloud computing contracts. These new additions stipulate that their company data never be stored on United States soil and it would appear this in response to the recent Snowden revelations about NSA data compromises.
But as an article in Wired points out, this is old news. Well at least as old as cloud computing itself. More than 10 years ago, the Patriot Act was passed in response to the 9/11 attacks giving federal agencies the power to go after data in the name of national security. And so the reality is that cloud storage companies have always had the tough job of convincing clients that their data will be safe in the cloud.
Certainly the challenges are complex for these companies. Holding off government efforts to grab data both physically and politically is no simple task. Convincing prospective clients that cloud companies will be able to keep their private data secure in the cloud is equally tough. But this dynamic has been part of the cloud services equation since 9/11, and yet cloud services have continued to grow.
Now unfortunately (or fortunately depending on your perspective), thanks to Snowden and the NSA, it is clear that data wasn’t quite as protected as we thought. But also as a result of these revelations, there is an even greater imperative to both ensure security and convince the business community that data center services in the cloud are actually safe. In a way, this new reality is an opportunity to step up security efforts and many of the larger players are doing just that.
It appears the incentive to tackle real cloud security issues may be driven heavily by these growing overseas concerns. There is a huge business market for the Microsofts of the world beyond U.S. shores. Continuing to enhance cloud security will pay huge dividends going forward and these companies certainly have the horsepower to figure it out.
The truth is that cloud security is no different that everything thing else we tackle in the IT industry. The problems are real, and they evolve. Our solutions must be nimble and responsive. The cloud is no different, just a little more challenging and a lot more public.