You are here:
Solutions
Details
Safe in the clouds
June 18, 2009
Security is especially important for large companies faced with the question of whether or not to use cloud computing. That's why many companies are reluctant to outsource their applications and data to the cloud. We asked Dr. Eberhard von Faber, a security expert at T-Systems and professor at the Brandenburg University of Applied Sciences to tell us more about how secure cloud computing really is.
Professor von Faber, how secure is the cloud?
To be able to answer that question, you first need to distinguish between two possible kinds of security-related problems. On the one hand you have very real IT risks. Is there an easy way in for hackers? On the other, you have the question that many companies are asking themselves, one that is just as important: Can I be sure that risks can be calculated and that the security measures are sufficient? Here we're dealing with knowledge of security and possible risks. Before companies over- or underestimate the risks of cloud computing, they should contact as many providers as possible and talk to them about security. Companies need to know exactly what degree of security they can expect before deciding on a provider. This requires a high degree of transparency.
To be able to answer that question, you first need to distinguish between two possible kinds of security-related problems. On the one hand you have very real IT risks. Is there an easy way in for hackers? On the other, you have the question that many companies are asking themselves, one that is just as important: Can I be sure that risks can be calculated and that the security measures are sufficient? Here we're dealing with knowledge of security and possible risks. Before companies over- or underestimate the risks of cloud computing, they should contact as many providers as possible and talk to them about security. Companies need to know exactly what degree of security they can expect before deciding on a provider. This requires a high degree of transparency.
Is that even possible in the cloud?
That's where we actually find ourselves in a dilemma. The concept of cloud computing is to provide industrialized services in which the provider offers flexible ICT resources on demand. Every user receives the same services and doesn't need to worry about a thing. They don't even need to have specific knowledge of the services they're using. However, if the provider suddenly decides to move data contained in the network customers have ordered to a country of the provider's choice, customers could find they have a problem.
That's where we actually find ourselves in a dilemma. The concept of cloud computing is to provide industrialized services in which the provider offers flexible ICT resources on demand. Every user receives the same services and doesn't need to worry about a thing. They don't even need to have specific knowledge of the services they're using. However, if the provider suddenly decides to move data contained in the network customers have ordered to a country of the provider's choice, customers could find they have a problem.
How so?
The idea that every country has different customs also applies to security. In extreme cases, this could mean that a company doesn't meet legal or industry-specific requirements. For example, there are major differences in data security pertaining to intellectual property and the relevant laws. There are also different risks posed by governmental intervention, such as wiretapping or access that goes unnoticed. Governmental authorities in some countries can demand to see complete backups without warning. Other countries don't allow some types of security technology. That means that companies can't encrypt their information everywhere without limitation. There are also differences in security cultures and legal practices. And the list goes on. That's why T-Systems doesn't have data centers in every country around the globe but only in those countries where risks like these are manageable right from the start.
The idea that every country has different customs also applies to security. In extreme cases, this could mean that a company doesn't meet legal or industry-specific requirements. For example, there are major differences in data security pertaining to intellectual property and the relevant laws. There are also different risks posed by governmental intervention, such as wiretapping or access that goes unnoticed. Governmental authorities in some countries can demand to see complete backups without warning. Other countries don't allow some types of security technology. That means that companies can't encrypt their information everywhere without limitation. There are also differences in security cultures and legal practices. And the list goes on. That's why T-Systems doesn't have data centers in every country around the globe but only in those countries where risks like these are manageable right from the start.
