For security's sake, the cloud may have to be your own

Clarifying issues surrounding this emerging security architecture

Internal clouds – those owned by individual businesses for their own use – might be the only way around the security concerns some businesses may have with cloud services.

A new Burton Group research paper says that the sensitivity of the data involved may make the inherent risks of relinquishing data to a public cloud too great to tolerate. “For IT organizations not comfortable with moving data outside their enterprise internal clouds can simplify a storage infrastructure and make it more accessible,” according to “Cloud Storage: An Emerging Market” by Burton analyst Gene Ruth.

While the paper discusses broader issues of cloud computing, it points up areas of concern including data integrity and verifying that data is treated as the customer wants it treated even if service level agreements should cover the issue.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Internal clouds – those owned by individual businesses for their own use – might be the only way around the security concerns some businesses may have with cloud services.

A new Burton Group research paper says that the sensitivity of the data involved may make the inherent risks of relinquishing data to a public cloud too great to tolerate. “For IT organizations not comfortable with moving data outside their enterprise internal clouds can simplify a storage infrastructure and make it more accessible,” according to “Cloud Storage: An Emerging Market” by Burton analyst Gene Ruth.

While the paper discusses broader issues of cloud computing, it points up areas of concern including data integrity and verifying that data is treated as the customer wants it treated even if service level agreements should cover the issue.

Even in cases where businesses negotiate solid SLAs, proof of compliance may be hard to get. “Thus, an IT organization must accept the risk that a cloud storage provider could fail to deliver (or even know of) services consistent with the expectations described in an SLA,” the report says. “Automation to help prove SLA compliance is minimal.”

One possible means of better securing data in a cloud provider’s network is making sure it isn’t commingled with other customers’ data, but that could require dedicated hardware – which runs counter to one of cloud computing’s major benefits - the efficient, economical use of resources.

The downside for some businesses is so great if data privacy is breached they may decide the best thing is to maintain data themselves, Burton says. Security concerns may just be too great to allow some businesses to even consider the significant financial attractions of cloud computing services.

Read more about security in Network World's Security section.

Tim Greene is senior editor at Network World.