Cloud Computing Security - Cloud Based Construction Software

Regular readers know that I write on a regular basis on the topic of cloud computing. That’s because it represents one of the most significant shifts in computing and software technology in years. Like all important changes, it is accompanied by a certain degree of hesitation and unease. Control, security, and connectivity are the three areas I hear mentioned most often when folks debate the merits of the Cloud. The concerns are legitimate, but so are the responses that mitigate them. Here are examples of a few common “cloud angst” comments I hear, and the way I respond to them. Let me know if you agree…

I’m uncomfortable not knowing where my data physically exists

I understand the psychology here. Being able to lay your hands on the server holding the silicon and signals that represent your data provides a feeling of control. But the real question to ask here is: does running software on your own hardware give you any significant benefit? Do you have better access? Security? Uptime? Disaster recovery?

The answer depends in part on the level of hosting service you have for your cloud software. It is my contention that hosted applications, particularly private cloud deployments, provide better overall information technology then most companies can provide for themselves (more on this below).

I also respond to this concern with a question: “Where is your money?” This usually gives people pause (or in some cases causes them to back away from me slowly). Because, after all, most of our assets exist in a nebulous digital state on various computer networks. Sure, we can (we hope) transfer funds into real tangible currency that we can stuff in our mattresses. But in the past 20 years, we have become very used to the idea of our assets being deposited, exchanged, transferred, and traded via copper wires, not gold bars.

My data is less secure in the Cloud

When a large hosted service provider like Amazon or Sony is hacked, it makes the news. When a smaller private company has its own data security compromised, we don’t usually hear about it. So there is an understandable perception of greater vulnerability in the Cloud. But consider the following characteristics of a typical private cloud hosting service:

  • 128 bit (strong) encryption
  • Certification (SAS 70 Type II or SSAE 16)
  • Physical security (biometric controlled access to server rooms, etc.)
  • Data recovery algorithms
  • Scheduled data backup
  • Geographic redundancy

Chances are high that data on a server on company premises is not going to have all of these protections. Providing reliable hosting is the one reason a hosting service provider exists, so it is in their selfish interest to perform this function better than most companies can. And according to a recent survey* sponsored by Symantec, the Internet security company, the most common cause of security compromise is the negligence of company employees – something that no amount of high technology is going to prevent.

Cloud applications can’t integrate with my other applications

As I begin to write my response to this concern, I realize I’m heading into the territory of what should be an entire new topic. Let’s pick this up the subject of software integration over the Internet next week…

*Source: 2011 Costs of a Data Breach Reports, Symantec and The Ponemon Institute.

Search The Blog