Story image

Year of the cloud

01 Jan 2011

During the course of 2010, most people would have heard the term ‘Cloud Computing’ at one stage or another. Some of us have a clear understanding of what this term means, whereas others are still grappling with this meteorological metaphor which refers to a class of technology destined to change lives forever.
Perhaps that last sentence was laying it on a little thick, but there is no doubt that benefits exist if you look for them. Below is a brief summary of the pertinent ‘cloud’ concepts before we delve into some of the security concerns still inherent when engaging with this technology paradigm. In ‘Cloud Computing’, users rely on another party to provide access to remote machines and software, whose whereabouts are neither known nor controllable by the user.
Cloud Storage – is the scenario where a business stores and retrieves data from a data storage facility via the internet.
Software as a Service (SaaS) – is the scenario where applications are run on a SaaS provider’s system and accessed by a customer, usually through a web browser.
Cloud Infrastructure/Platform – is the scenario where the provider operates the whole computing platform or operating system for the customer which is accessed via the internet. Applications can then be run on the cloud platform/operating system in conjunction with utilising cloud storage.
Although this technology provides great opportunities to introduce efficiencies and reduce costs, its success has always been hampered by lingering security concerns. The three issues most often raised by SMEs include concerns around data protection, data location and access to data.
Whenever data protection is raised as a concern, cloud vendors will refer SMEs to the service level agreements (SLAs) and provide assurance that best practices are being adhered to. The real test of a vendor’s confidence, however, is their willingness to take responsibility for any losses experienced by the SME as a result of a breach.
The location of your data is a valid concern due to the fact that cloud vendors often outsource data storage or use distributed, global data centres. How comfortable can a user be that they are complying with the data protection laws in their own country and the country where the data resides?
Who has access to your data? How does the cloud application handle user account creation, deletion and management? How does it manage the access and permissions granted to user accounts? These are valid concerns, as cloud services place a surfeit of valuable data from thousands of users in a single place, and access controls should be stringently applied. The level of rigour afforded to check employment history and individual integrity may result in your data being accessed by less-than-savoury individuals who do not have an allegiance to your organisation’s well-being. Any privacy discussion related to cloud computing acknowledges that most forms of cloud computing are in their infancy, and that immature technological structures are the order of the day.
Whether an SME outsources basic data storage services or utilises the entire platform offering, the consequences of a breach cannot be outsourced and therefore the responsibility for securing the data in question remains an obligation the SME has to address. Businesses interested in utilising cloud computing products must ensure they are aware of the privacy and security risks associated with using the product and take those risks into account when deciding whether to use it, especially if other individuals’ personal information is contained within the data. These security concerns are, however, no different from those that businesses have been facing for many years. The only change is in the delivery model of the services. It’s arguable that if a business takes its security seriously, the data may be just as safe in the cloud as if it were handled in-house; possibly more secure. The difference, however, is in the level of control that a business can exert to guarantee that security is maintained.
So if the migration of services to the cloud is a topic of conversation in your business, ensure that the requisite due diligence is performed, levels of service and assurance are defined, expectations clarified, and that security measures appropriate for your data are presented in a transparent manner throughout the vendor-client interaction. Ask to see software development procedures and policies, security testing policies, vulnerability disclosure policies and update schedules.
Hopefully this year’s mantra will be "2011 – Year of the Secure Cloud”. 

How big data can revolutionise NZ’s hospitals
Miya Precision is being used across 17 wards and the emergency department at Palmerston North Hospital.
Time's up, tax dodgers: Multinational tech firms may soon pay their dues
Multinational tech and digital services firms may no longer have a free tax pass to operate in New Zealand. 
Spark’s new IoT network reaches 98% of New Zealand
Spark is the first company to confirm the nationwide completion of a Cat-M1 network in New Zealand.
WhatsApp users warned to change voicemail PINs
Attackers are allegedly gaining access to users’ WhatsApp accounts by using the default voicemail PIN to access voice authentication codes.
Robots to the fore – Key insights for New Zealand Business into RPA in 2019
From making artificial intelligence a business reality to closer ties to human colleagues, robotic process automation is gearing up for a strong 2019.
50 million tonnes of e-waste: IT faces sustainability challenges
“Through This is IT, we want to help people better understand the problem of today’s linear “take, make, dispose” thinking around IT products and its effects like e-waste, pollution and climate change."
Vocus & Vodafone unbundle NZ's fibre network
“Unbundling fibre will provide retail service providers with a flexible future-proofed platform regardless of what tomorrow brings."
IDC: A/NZ second highest APAC IoT spenders per capita
New IDC forecast expects the Internet of Things spending in Asia/Pacific excluding Japan to reach US$381.8 Billion by 2022.