Seite 32 - Cloud Migration Version 2012 english

32 
2.2
Cloud Security  
The security of Cloud services has been the subject of heated debate for 
some years.
7
One side of the debate claims Cloud computing harbours 
uncontrollable risks and warns that we may well lose control of our 
own data. 
The other side sees Cloud computing as the way to higher security 
through the increasing industrialisation of IT services. 
Both lines of argument have their merits. We can naturally expect a greater 
aggregation of data at certain providers as IT continues to industrialise. If a 
security incident were to occur in this situation, the assumption is that 
larger masses of data and even more enterprises could be affected as well. 
In as much, the damage caused by a security incident, at such a provider, 
would be greater than the damage ensuing in the individual operations of an 
enterprise, which has outsourced its data and services to that provider.  
There is another factor that makes the impact look even worse. While in‐
house security incidents are almost never reported (unless required by law), 
it is not the case for the processes that many enterprises have contracted 
out to external service providers. There will be no mantle of silence to cover 
up a security incident that affects so many enterprises and causes so much 
damage.  
Deciding if one side of the debate is right will depend on business indicators 
which we simply do not have at this time as they do not have to be reported 
in today's regulatory climate. 
Yet one thing is clear, the need to establish a systematic approach to secure 
our own data and processes. 
Therefore it is indispensable to learn how to integrate our technical and 
business situation with Cloud computing. As part of the big picture, Cloud 
computing can be seen in the context of other hot topics. 
The basic philosophy of IT security to prevent security incidents is not only 
relevant for Cloud computing but also general business practice for other 
types of information management. To achieve that goal, we must clarify and 
understand the risks associated with Cloud computing. That is the only way 
to do justice to the idea of prevention. 
7
An expanded version of this chapter can be found under