Cloud services aren't inherently riskier or more insecure than maintaining applications and data in the corporate data center. In fact, some experts still believe that the cloud provides greater security to enterprises.
The recent Amazon EC2 outage and the
Sony PlayStation Network data breach have served to renew concerns in
enterprises that cloud computing is inherently less secure than private,
self-contained data centers.
Amazon's Elastic Compute Cloud and Elastic Block Storage platforms were both
affected during an April 21 outage that had major Websites unavailable for
three days. The cause of the outage remains unknown.
Meanwhile, entertainment giant Sony shut down two of its cloud services, the
PlayStation Network for games and Qriocity for music and video, on April 19
after "an external intrusion" that resulted in the theft of personal
information belonging to 77 million customers.
The problems, while significant, are not unique to cloud services. Amazon's
outage focused a lot of attention on availability issues and reliability, but
those concerns exist in traditional data center environments as well.
"It happened all the time," Chris
Drake, founder and CEO of Firehost, told eWEEK. People generally didn't
hear about outages in the data center because they affected only one
organization and were smaller scale, but they often added up to far more lost
time, money and business, Drake said.
The Amazon EC2 outage "pointed to the
elephant in the living room that availability is a real issue," Paul Roberts, a
security evangelist at Kaspersky Lab, told eWEEK. Redundancy is critical, whether
it's having additional backups, having redundant servers in another location or
creating a failover system with another cloud provider, Roberts said.
"In this age of customer uptime, we've
forgotten that it used to happen all the time," Roberts said.
For organizations that have moved
security applications to the cloud, this kind of an outage may seem a little
nerve-wracking. However, the severity of downtime affecting cloud-based
security services depends entirely on how "paranoid" the organization is and on
its tolerance for downtime, Roberts said.
The most common cloud-based security
applications are Web and spam filtering, hosted email, malware scanning and
hosted application firewalls. If any of these services were unavailable for a
stretch of time, it would be inconvenient and leave the organization
vulnerable, but it wouldn't bring business to a standstill, according to
"An outage of 36 hours wouldn't stop
attorneys at a law firm from being productive," Roberts said.