Security, a disadvantage of cloud computing?
By JS on Jan 25, 2010
Indeed, for those companies who have strong IT expertise and sufficient resources to build their own data center, security may be a disadvantage of public clouds of cloud computing. However, vast majority of organizations are not capable to setup a sophisticated IT infrastructure on their own, because of lacking of either necessary conditions mentioned above. In most cases, organizations focus on functional requirements and are not able to pay adequate attention to security issues when building IT infrastructure. The consequence is many IT systems running without necessary security control procedures, and thus be in a dangerous environment. This is especially true for small and medium size enterprises (SME). For such organizations, cloud computing, even public clouds, actually becomes a more secure option. Cloud computing providers pervasively build network security and system security into the cloud infrastructure. They have well-equipped and professionalized staffs to protect the cloud system from network threats and virus. Security of cloud systems is one of the basic offerings of any mainstream cloud services and normally does not charge extra service fee. Thus, when facing government's requirement on system security, enterprises can effectively increase the security of their information system by leveraging cloud computing if they do not want to spend resources on this task. Here is an example of the security requirement from governments:
November 24, 2009, the state council of China required companies in the network media industry to take the responsibility of maintaining network security of their own information systems. One background of this requirement is, presently, most Chinese media companies are not specialized in network security. Most information systems have potential security problems, and the systems are vulnerable to network attacks. It is obligated for media companies to take action in response to this requirement from the government. In the traditional on-premise computing, the most common reaction is to allocate dedicated resources to take charge of network security. This manner normally implies more investment on computer hardware, software and human resources. Since this is not a one-off investment, so it has to be integrated into the cost structure of the company as a constant operating cost. In addition, network security does not belong to the core competence of a media organization. Hence, such investment may do harm to the profitability of organizations.