32
2.2
Cloud Security
The security of Cloud services has been the subject of heated debate for
some years.
7
One side of the debate claims Cloud computing harbours
uncontrollable risks and warns that we may well lose control of our
own data.
The other side sees Cloud computing as the way to higher security
through the increasing industrialisation of IT services.
Both lines of argument have their merits. We can naturally expect a greater
aggregation of data at certain providers as IT continues to industrialise. If a
security incident were to occur in this situation, the assumption is that
larger masses of data and even more enterprises could be affected as well.
In as much, the damage caused by a security incident, at such a provider,
would be greater than the damage ensuing in the individual operations of an
enterprise, which has outsourced its data and services to that provider.
There is another factor that makes the impact look even worse. While in‐
house security incidents are almost never reported (unless required by law),
it is not the case for the processes that many enterprises have contracted
out to external service providers. There will be no mantle of silence to cover
up a security incident that affects so many enterprises and causes so much
damage.
Deciding if one side of the debate is right will depend on business indicators
which we simply do not have at this time as they do not have to be reported
in today's regulatory climate.
Yet one thing is clear, the need to establish a systematic approach to secure
our own data and processes.
Therefore it is indispensable to learn how to integrate our technical and
business situation with Cloud computing. As part of the big picture, Cloud
computing can be seen in the context of other hot topics.
The basic philosophy of IT security to prevent security incidents is not only
relevant for Cloud computing but also general business practice for other
types of information management. To achieve that goal, we must clarify and
understand the risks associated with Cloud computing. That is the only way
to do justice to the idea of prevention.
7
An expanded version of this chapter can be found under