Early padlock style, on the front gates of St.
Image via Wikipedia

I just published a piece over on CloudAve, reporting the results of a Cloud Computing survey commissioned from Kelton Research by Avanade. The survey of over 500 senior executives from companies in seventeen countries appears to suggest that cost savings and efficiency gains are being sacrificed because of significant concerns about security issues with Cloud Computing.

The same concerns were raised repeatedly in San Diego last week, where I was speaking at TTI/Vanguard‘s event on Cloud Computing.

In one of my first slides I asked whether ‘security’ was a reason for not entrusting data to the Cloud or an excuse not to change, and whilst these things are never black and white my conversations in San Diego and with Avanade CTO Tyson Hartman make me increasingly convinced that ‘excuse’ probably trumps ‘reason’ in this particular case.

Whilst not wanting to get too deep into discussions held behind closed doors at a membership event, it is worth noting that the TTI/Vanguard event began by asking attendees to rate their level of concern at each of the ten ‘obstacles’ outlined in Berkeley’s recent report on Cloud Computing (hear my podcast with two of the team, here.) Asked to rate each, simply, as of ‘little,’ ‘moderate,’ or ‘significant’ concern, I repeatedly found myself wanting to respond that an issue was (mostly) ‘critically important but easily addressed,’ or (once, I think) ‘not really that important but difficult to solve.’

Polarised like that from the beginning, security was obviously going to raise its head again and again and again; and it did. Of course security is important in the Cloud, just as it is inside your own data centre. That importance doesn’t mean that it’s an insurmountable problem. It doesn’t even, in many cases, mean it’s that hard to do something about.

One of the other points in my presentation suggested that we misguidedly – and expensively – apply blanket protections to our enterprise data. For most organisations, the vast majority of the data they hold is (to paraphrase Geoffrey Moore) merely context. Very little is core, yet the silo-based way in which we collect, store and control our data reinforces existing practice and makes it hard to even contemplate the significant cost savings and efficiency gains to be had by opening up access to some of your own contextual data in return for access to that held by others.

Just as startups without infrastructural baggage were among the first to embrace utility computing in the Cloud, maybe we need to look to similarly unencumbered organisations for real exploitation of their data in the Cloud?

Security is important, and don’t think for a moment that I’m suggesting otherwise. It’s worth remembering, though, that there are plenty of well understood approaches to securing data that work in the Cloud just as they do elsewhere. It’s also worth understanding what you’re protecting, why you’re protecting it, and the barriers to (legitimate) use and re-use that unnecessary over-protection will raise.

Reblog this post [with Zemanta]