WebSite Malaysia.Net

By JO TIMBUONG
bytz@thestar.com.my

Prudent organisations would look before they leap into cloud computing, according to an expert at IBM Corp.

Businesses need to first adopt a datacentric attitude before considering this popular computing trend, said Marnee Gordon, a regulatory analyst with IBM.

They should also be cautious of promises by vendors of cloud-computing services concerning data safety.

"In any kind of outsourcing relationship, the service provider and client must have the same level of protection over the assets," Gordon said on the sidelines of the IBM Cloud Computing Symposium in Kuala Lumpur.

She said even large companies that are very careful about cloud security have had missteps because they lacked a proper understanding of the security issue, or with their third-party solutions provider.

"One of the main causes for the loss of sensitive data is not knowing clearly what can be outsourced and what should stay in-house," she said.

Gordon said that when data flows between two organisations, there should also be an equal balance of protection from both parties.

"Organisations need to make sure that whoever handles their data maintains the same level of security they themselves enforce," she said.

Another pitfall that may ruin an organisation's migration to the cloud is a lack of understanding or support from management.

Gordon said many senior managers fail to scrutinise the impact of cloud adoption after drinking the cloud-computing Kool-Aid served up by some vendors.

"Senior executives get excited over things like savings in operational costs and the ability to get a product to market faster, but IT managers need to decide on functionality and not business impact," she explained.

She said that failure to strike a balance between functionality and business needs may lead to bigger problems, such as loss of data sovereignty.

She cited a case in the United States where several law firms stored their e-mail messages in the cloud.

"It made perfect sense, but by doing so these law firms destroyed lawyer-client privileges because now a third party had access to the communication.

"It may not be their business to read those e-mail messages but technically they have access to it. Some lawyers in the United States are splitting hairs over the issue because they believe it has damaged the trust between lawyers and their clients.

Each state is now looking at this very seriously," Gordon said.

The cloud will be more secure for organisations if they think about the business they are running and how cloud computing can complement it and not just help cut operating costs. "If senior management stopped and looked that their data and applied appropriate protection on that, they would solve a great majority of Internet security problems from that point on," Gordon said.

She reminded organisations to scrutinise their agreements with cloud-services vendors to make sure such protections were in place.

Organisations, she said, should only work with providers that can ease their security concerns. "Cloud vendors may have a kind of standard deployment, but one size does not fit all.

Organisations must specify the kind of data protection they want in the cloud," she added.