Less cloud, more cloud computing clarity please

Like the runaway bus in Speed, ‘cloud’ looks set to dominate the news agenda throughout 2011.

We’re only just passed the midpoint of January and yet every major IT news story of note these past few weeks has been cloud related. Whether it’s an M&A story such as Dell’s acquisition of Medical Cloud Storage Firm Insight One, a funding win or an analyst’s prediction of the market size, you cannot escape the cloud’s omnipresence.

It seems like only yesterday that you could tap the term ‘cloud’ into Google and the top results featured terms such as cirrus, altostratus and cumulus. I shudder to think what the school children of today use for illustrations in their meteorology projects. I have this recurring nightmare of pupils, standing at the front of a class, project in hand, explaining to fellow classmates that rain is formed as a result of pressure build up in the hybrid cloud and that rainforest deforestation is directly attributable to the effects of the Amazon Elastic Compute Cloud (EC2 is the given scientific name for this phenomenon).

Whilst it is certainly too early to determine what the focus for this year’s cloud stories will be, there has been a couple of rather scary articles that have caught the eye and they focus on the cloud’s perceived weakness in terms of data security. There can be no doubt that we need to educate potential users about the pros and cons of cloud computing but do we really need to scare the bejesus out of them?

“Don’t use cloud for sensitive data, EU warns members.” screamed the headlines this week as the European Network and Information Security Agency (ENISA) released a warning that government agencies in the EU bloc should only deploy cloud services for applications that do not process sensitive data. The reason for this warning? Data handling legislation in some EU states prevent certain data types from being taken out of their respective national borders.

On a similar theme, Canadian organisations have begun to voice legitimate concerns about cloud computing and the use of American based cloud hosts, in relation to the Patriot Act. Under the act, U.S. officials could access information about citizens of other countries, including Canada, if that information is physically within the United States,” reads a report on the website of Canada’s Treasury Board Secretariat.

At first glance, both reports appear to red flag security issues with cloud computing in general, and that is wholly misleading. When you dig a little deeper, and assuming that you understand the different cloud types , what you actually find is that the concerns relate to the PUBLIC cloud.

ENISA goes on to say that so-called private clouds are currently the most viable option for public sector bodies “since they offer the highest level of governance, control and visibility”. Private clouds deliver services and infrastructure in highly virtualised form from an organisation’s own data centre. This approach is exemplified by the UK government’s proposed G-Cloud project. So the cloud is safe then?

Likewise the Canadians admit that ‘of the leading public cloud providers Amazon, Google and Microsoft, none have data centres in Canada.’

What both reports are actually stating is that there are legitimate concerns with the use of the public cloud but not much wrong at all with Private (and you can certainly add Hybrid) Clouds.

Data protection is a key concern for any individual or organisation, which is why we have legislation to protect us and it should be considered a major factor when determining what cloud solution meets your needs. But despite the common misperception that the cloud is some vaporous virtual entity it does have a physical footprint. The cloud is hosted in a physical data centre, in a physical location, on a physical continent.

If the physical location of your data is critical to you, for legislative or governance issues, then simply ask your potential cloud host where their data centres reside. If they can’t give you an exact location of where your data will be hosted e.g. “Not sure. It could be in one of several countries.” then don’t use them, it’s that simple.

To suggest that the ‘cloud’ is insecure and should be avoided is, as stated, grossly misleading and I sincerely hope that this is not a trend that will gather momentum over the coming the year. We are still very much at the ‘educating’ stage of the cloud market and it is this that we all need to concentrate on.

A recent survey from PeoplePerHour.com showed small and medium enterprises were still baffled by cloud technology. Three quarters of the respondents (74 per cent) said they didn’t use cloud computing and 43 per cent of those did not even know what the term meant.

So what are the odds of that 43 per cent wanting to understand how the cloud can help their business if they believe, at the outset, that ‘it’s too dangerous a concept even for Government to use’? Pretty long I would suggest.

My hope for 2011? Less cloud more clarity please.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Phil Worms is the director of corporate communications for iomart Group, one of Europe’s largest providers of managed hosting, cloud computing and business continuity services. Having spent 25 years working in the IT industry he is recognised as one of its brightest thinkers. He regularly contributes internet and "new media" related features for trade publications and national newspapers and is a Fellow of the Royal Society of Arts. He is an advocate of social media using it for both business and charitable causes. Phil has sat on several national advisory committees ranging from the provision of broadband access to online safety initiatives. He is now heavily involved in the debate surrounding the greening of IT with energy efficiency and carbon emission reduction a particular topic of interest. In his spare time Phil is dedicated to raising money in an attempt to bring a new arts and music centre to his hometown of Helensburgh. It is this venture that has given him his finest moment – being mentioned on David Bowie’s official website when he organised a mass community recording of the classic song Heroes!

  • Gregor Petri

    Phil,

    Physical location of data is not the issue (they are data, basically they are not even physical, half a record may be in Canada, half in the US and one third may be in both). What matters is jurisdiction. Just like we agree with our vendor what law our contract will be under (Delaware seems to be a popular one), contracts will specify what jurisdiction data will fall under (which will determine how they are processed and where they are to reside (logically and physically). Iceland is positioning itself to become the Switzerland of (private) data banking. Sure we will see more of this. Meanwhile companies wont be able to rely and audits and certificates to erase cloud security concerns (http://community.ca.com/blogs/cloud/archive/2011/01/18/audits-and-certificates-won-t-erase-cloud-security-concerns.aspx) they will have to plan for resilience.