Cloud hosting may be more cost-effective and efficient than non-cloud alternatives, but IT managers must evaluate whether it makes real business sense and ensure that it doesn't violate corporate security policies.
Editor's Note: This article is an introduction to the white paper "Security Considerations for the Cloud" available free to download from the MC White Paper Center.
Security concerns abound when it comes to cloud computing. If you do any research on the concerns associated with doing business in the cloud, a top concern—if not the top concern—is always data security and privacy. Are these concerns justified, or is it simply the fear of the unknown? Let's take a look.
Just as you do when you take advantage of any new technology, you have to decide whether the new technology is just "cool" or it actually meets your business needs. When it comes to cloud computing, it has the potential to save significant money over hosting your own computing resources—in terms of hardware, support of that hardware, and software licenses. But just because it saves money does not necessarily mean that it will meet your business requirements. Specifically, you must examine both the technology and the technology provider to ensure they can meet your organization's security policy requirements, legal requirements for issues such as discovery of information when in a lawsuit, and compliance requirements for all of the laws and regulations with which your organization must comply.
Much of whether cloud computing meets your business requirements depends on the type of data being stored, manipulated, or shared in the cloud. If you're thinking of using the cloud to manage Personally Identifiable Information (PII), healthcare information, or Payment Card Industry (PCI) data, you'll want to look at the requirements your organization's security policy places on this type of data.