Trusting the cloud to handle sensitive transactions and security services isn't for every enterprise, but organizations from banks to app developers are starting to give it a try.
Gartner predicts the global cloud computing market will grow 18.5% this year to $131 billion, with business process-as-a-service accounting for the biggest chunk of that at 28%. According to Gartner's numbers, management, security and automation accounts for just 2.8%.
Even more traditional and conservative types of companies, such as banks, are venturing into the cloud to carry out complex processes that, in some cases, they find they can do far more efficiently outside of internal data centers.
Take TD Bank, for example, which like all banks has the legal obligation to process e-discovery requests related to any civil and criminal case in which bank records or email are needed. Dera Nevin, the managing counsel for e-discovery there, says she's found a cloud-based e-discovery system has been a huge advantage over trying to run an in-house application to do this.
"Our IT systems were not designed with e-discovery in mind," says Nevin. She points out that e-discovery involves complicated searches to ferret out exactly the right financial information that lawyers approaching the bank need to represent their clients in civil or criminal cases that might involve everything from arbitration to regulation to criminal subpoenas to matrimonial disputes.
By adopting Catalyst Repository Systems as a cloud-based service where documents are uploaded and then sorted through, the e-discovery process scales up much better than it did trying to sort through documents directly inside the bank's various locations, Nevin says.
Our IT systems were not designed with e-discovery in mind."
— Dera Nevin, managing counsel for e-discovery at TD Bank
"This platform is designed to take disparate file types and normalize them," Nevin says. TD Bank has literally "petabytes" of data that need to be searched for e-discovery and the cloud-based service has fine-grained searching mechanisms that make the process go faster and more smoothly for the bank's staff, Nevin says. TD Bank first uploads large volumes of data to the cloud service and then proceeds with the search.
Security in the cloud
Turning to outside vendors for security help is also a choice some companies are making when it comes to the cloud.
Atlanta-based PGi is a large provider of Web-based collaboration services available to mobile and desktop, a $525 million business operating in 25 countries with 45,000 enterprises customers. Sean O'Brien, executive vice president for strategy and communications, says his company has turned to the cloud for many types of services, including those from Salesforce, ServiceNow and Amazon EC2. To guard its collaboration service and its own internal network, PGi elected to have Symantec monitor and handle security issues that might come up.
The Symantec managed services are broad at PGi, relying on Symantec sensors that monitor traffic such as what two-factor network authentication is occurring, or picking up information directly from Symantec Endpoint Protection software on the desktop, sending security-relevant information to Symantec's cloud-based security and information management service. It's a log collection platform that collects data associated with servers, applications, firewalls and IPS, for example, so it can be immediately analyzed in the Symantec Security Operations Centers on a round-the-clock basis. O'Brien says this is a partnership model that the company needs on a global basis.
Like any business, PGi faces cyberattacks, particularly from fraudsters that try to break in, sometimes thorough customer networks.
"The occasional problem is inevitable," says O'Brien, noting fraudsters will try to hack into the network if only to try stealing telephone bandwidth to try to make calls to unlikely locales like Nigeria. Symantec has proven effective in monitoring to cut that kind of attack off at once, and also guards PGi's internal corporate network from problems such as malware.
Other companies say they've grappled with making choices about what cloud infrastructure as a service would suit their needs.
Baltimore-based Social Solutions, which makes applications used by thousands of public and nonprofit social service organizations, had been hosting these applications in an internal data center. But the company found it was hitting scalability issues.
Adrian Bordone, co-founder and vice president, says the 130-employee company considered using Amazon and Rackspace to run its applications, but in the end went with what SunGard calls its Availability Services and Cloud Services for a number of reasons.
SunGard's approach includes managed security for intrusion-detection and prevention as well as disaster recovery, high availability and multi-site failover. This carried weight not only with Social Solutions, but with its customers who are "risk averse," Bordone says. Since the shift to SunGard, there have simply been no significant problems over the past few years, says Bordone. "We've had zero downtime," he says.
Shifting from an in-house data center to cloud IaaS had to be considered from the regulatory viewpoint as well, Bordone says. Rules in Canada, for example, require that Canadian health and human services agencies that are publicly funded keep data within the country's borders. So Social Solutions uses SunGard's Toronto-based facility to provide applications to its Canadian customers, and sticks with the Philadelphia-based SunGard facility to serve U.S.-based customers.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: firstname.lastname@example.org.