Cloud computing has a significant number of benefits, however many CIO’s are concerned about the level of security cloud can offer their data because cloud security has yet to be defined.
According to Matt Lowth, National Australia Bank’s principal security architect, “The biggest problem with the cloud is that you cannot get a consistent definition of what is secure…[Also] Security depends on what you’re after. For an advertising or marketing site, cloud is perfectly secure…on the flip side if you are a military type of business it is probably not secure enough.”
The Open Data Center Alliance (ODCA) is attempting to end the ambiguity and define security standards for businesses looking to cloud solutions. What makes it difficult is that for different industries there are different expectations and definitions of security.
If you are a part of a smaller business, it’s most likely you don’t have the infrastructure, let alone secure infrastructure, in place.
It also depends on what type of market you’re in. For financial institutions, cloud poses three challenges: regulation, standards, and security. With the ODCA’s attempt to clearly define security standards, financial institutions stand the most to benefit.
Originally proposed was an assurance model that’s only spawned more questions than answers. A year ago, the ODCA in its original proposition, suggested four usage levels:
- Bronze, basic security level requirements
- Silver, enterprise security equivalent
- Gold, financial organization security equivalent
- Platinum, military organization security equivalent
Seems too simple? That’s because it is. Lowth revealed that the proof of concept needed further refinement to accommodate all IT functions for a company. For example, managed services implications were not originally included in the model. This posed an issue due to enterprises requiring different service management depending on their scale.
Eventually the model will help clients and cloud providers determine which level of security they need, and how to measure against them.
According to Lowth, “Clearly defining minimum levels for security via the ODCA’s Cloud Provider Assurance usage model enables more informed choices on what is appropriate for each sector…[it] will provide positive user experiences both at a business level and for the end consumer.” It’s now just a matter of time before clarity arrives.