Defending the Cloud - And Your Business

Updated: April 30, 2009

Businesses are turning to cloud computing in growing numbers for a variety of reasons. By "publishing" datacenter resources — such as servers, storage and network connectivity — cloud computing supplies a pay-by-consumption scalable service that's usually free of long-term contracts and is typically application- and OS-independent. Cloud computing also benefits adopters by eliminating the need to install any on-site hardware or software.

On the other hand, cloud computing remains a new and widely untested technology. Among all the critical issues potential cloud adopters face, security may be the most urgent. Today, most cloud providers are touting the technology's safety benefits while simultaneously working to patch its inherent weaknesses. To cut through the confusion, here's a quick look at cloud-computing security strengths and weaknesses.


Cloud computing provides an array of security advantages, including:

Better Data Security: By using the cloud as a thin client technology, businesses can limit exposure threats posed by data-crammed laptops and backup discs. Instead, they allow the cloud to provide small temporary data caches for mobile devices.

Enhanced Monitoring: Centralized storage on the cloud is easier to monitor and protect than data spread around a business on individual user machines.

More Efficient Security Software: It's possible, perhaps even likely, that cloud-computing customers (being billed on the basis of CPU cycles) will drive software vendors to fix inefficient security approaches that needlessly burn up resources.

Better Anti-Virus Detection: University of Michigan researchers recently discovered that if anti-virus software tools were moved from a PC to the cloud they could detect 35 percent more recent viruses than a single anti-virus program (88 percent versus 73 percent). Moreover, using distributed software, the researchers caught 98 percent of all malicious software, compared with 83 percent for a single anti-virus solution.

Infinite Logging Space: Cloud computing makes it much easier to create highly granular logs that can later provide concrete proof of suspicious activities. Cloud computing should also make it easier and more convenient for datacenters to embrace logging. In the cloud, it's no longer necessary to compute logging disk space in advance, since storage is always available on an as-needed basis.

Flexible, Cheaper Security Testing: With cloud computing, it's easy to create the extra temporary resources needed to pilot a new security technique within an exact copy of your everyday production environment.


It seems that every cloud, even a virtual one, must have its dark side:

User Access: With data sent off-site, it's easier for unauthorized people to gain access to critical business data. That's why you must press the cloud provider to give you information on who it hires and exactly how it restricts data access.

Regulatory Compliance: Cloud computing makes regulatory compliance far more complex by placing the responsibility into the hands of an outside provider. This fact can make it difficult, perhaps even impossible, to ensure information integrity and overall security.

Data Location: With cloud computing, business data can be sent literally anywhere, perhaps even split among different locations around the world. This means that critical company information may reside in places with loose — or nonexistent — privacy laws, leaving a business vulnerable to data leakage.

Forensics Threat: Cloud computing's data dispersion can make it difficult — and sometimes impossible — to track unauthorized activity, despite careful logging.

Recovery: Unless a provider supplies a rock-solid guarantee, a business may find itself experiencing great difficulty recovering lost services and/or data.

Provider Stability: Outsourcing data and other resources is generally a great idea. Yet, if a cloud provider suddenly folds up shop, it could essentially take your entire datacenter along with it.

The Bottom Line

Cloud security is both diffuse and evolving. Any business considering a move into the cloud needs to understand the approach's various security advantages and drawbacks. The next step should be to question individual providers on their security practices and guarantees and then judge how everything will fit into existing business protection strategies and policies.

Related Categories
Featured Research
  • The Benefits of Cloud Computing

    Cloud computing represents the next phase in the logical evolution in the delivery of IT services. This complimentary white paper from IBM will explain how cloud computing will help your business through specific examples from cloud implementation abroad, and more. more

  • Defining a Framework for Cloud Adoption

    This complimentary white paper from IBM introduces the cloud computing adoption framework from IBM and make it available for use by any organization looking for a standardized frame of reference for cloud computing discussions. more

  • Gartner Magic Quadrant for Operations Support Systems

    With IBM's Service Assurance and Fulfillment solution CSPs are able to integrate business processes with service delivery systems, modernize legacy and proprietary systems, and focus on fast return on investment. And in the first ever Magic Quadrant for Operations Support Systems (OSS), Gartner has declared IBM the "leader" in the space. more

  • Magic Quadrant for Application Performance Monitoring

    In their latest release of the 2011 Magic Quadrant for APM, Gartner has identified IBM Tivoli as the leader. Gartner recognizes that IBM remains a thought leader at the forefront of the APM industry. more

  • Adding Networks to Integrated Service Management

    Integrated Services Management, or ISM, is a major evolutionary force guiding management technology and practice progress in enterprises today. The implications of ISM are broad, but the essence of the initiative is a re-thinking of how IT delivers value to the organization it serves, and a re-framing of all IT contributions around the concept of services. more