IEEE: Interoperability, data portability trouble cloud customers as much as security

Many public cloud networks are configured as closed systems that do not interact with each other. This lack of integration makes it difficult for organizations to consolidate their IT systems in the cloud in order to realize productivity gains and cost savings, the IEEE experts noted.

The association is addressing these issues during its IEEE Cloud 2011 conference being held this week in Washington, DC. In April, IEEE launched an initiative to develop cloud data portability and interoperability standards.

“To achieve the economies of scale that will make cloud computing successful, common platforms are needed to ensure users can easily navigate between services and applications regardless of where they’re coming from, and enable organizations to more cost-effectively transition their IT systems to a services-oriented model”, said Alexander Pasik, chief information officer at IEEE.

Elisa Bertino, IEEE fellow and research director at Purdue University’s Center for Education and Research in Information Assurance, said that security in the cloud is no different than security for on-premises networks. “Organizations are not exposing themselves to greater security risks by moving data to the cloud. In fact, an organization’s data is likely to be more secure in the cloud because the vendor is a technology specialist whose business model is built on data protection”, she observed

In an interview with Infosecurity, Steve O’Donnell, IEEE member and former global head of data centers at BT, said that using cloud services is not always cost effective.

“A lot of cloud has been sold as being cheaper than doing it internally. Frankly, in most cases, it’s not”, he said. “If you are an enterprise, and you want hundreds or thousands of racks of servers, it really doesn’t add to buy it in the cloud. The price points are too high.”

The driver for enterprises to adopt the cloud is not because it is cheaper, but because it offers more agility, O’Donnell said. But businesses tend to be very sensitive about security when it comes to applications that provide agility, he added.

“IT guys want the same types of control they have in the data center in the cloud. When you push stuff out to the cloud, you outsource availability and security to the cloud vendor. That’s probably a major weakness”, O’Donnell observed. He added that cloud vendors should provide more control over availability and security to their customers.

To address enterprises’ cloud data security concerns, Pasik proposes an insurance-based approach, similar to the Federal Deposit Insurance Corporation. “The vast majority of Americans have bank accounts because they know their money is safe. I see a similar type of guarantee, supported by private industry, being offered to users of cloud computing within the next 10 years”, he said.

What’s hot on Infosecurity Magazine?