What are clouds?
That’s a question a child might ask, but for CIOs today, the answer centers on a completely different meaning. Top tech chiefs and company executives are trying to figure out how to use cloud technology and to what degree it should be part of their company strategy.
Without a doubt, statistics show the cloud can no longer be ignored:
- According to a Gartner study cited by Information Age, public cloud spending increased 32 percent in 2015.
- A Forbes survey found 93 percent of organizations run cloud applications, and 82 percent of enterprises have a hybrid cloud strategy.
- A Verizon survey found that cloud strategies enabled 69 percent of respondents to reengineer their business processes.
Security, however, remains a top concern. To find out more about the use of the cloud, I connected with Bryce Austin, CIO and CISO at Digineer and a cybersecurity expert. We talked about cloud strategies, misinformation about security issues, and why public and private clouds are part of a sound strategy.
Digineer’s Bryce Austin talks cloud security
Phil Weinzimer: Many companies are hesitant to use the cloud due to security concerns. What’s your take?
Bryce Austin: Concerns about the public cloud are much like concerns about electricity companies around the turn of the century. Manufacturers were accustomed to generating their own power, either through waterfalls that turned turbines or manual labor running machines. When companies like General Electric proposed producing power and selling it to manufacturers, there were significant concerns about outsourcing such a critical business function. Over time, however, customers realized the competitive advantage that focusing on their key business processes could bring, and the fears around outsourcing power generation subsided. Ten years from now, using the public cloud for key data center services will have a similar acceptance from most industries.
Why are so many companies fearful of the public cloud?
For the same reason that people are fearful of flying–it’s a loss of control. It’s moving something that a company is used to controlling themselves and putting it into someone else’s hands. That’s psychologically difficult, even if the company is more secure as a result. Statistically speaking, commercial flying is the safest means of transportation going. A person is much more likely to be killed on the way to or from the airport than on a plane. That being said, flying is scary for many because there is no control of the situation as a passenger. You are trusting the pilot and the airline to keep you safe.
The public cloud is similar in that there is an outsourcing of data center services to a large company that you entrust with your critical systems and sensitive data. In general, those large companies providing cloud services do a better job with infrastructure security than most companies that maintain their own systems.
Is the cloud less secure than a private data center?
In a word, no. It has different security challenges than a local data center. The management console is exposed to the Internet and must be kept secure with strong authentication techniques, like complex passwords and multi-factor authentication. Currently, something-you-have authentication is the most common multifactor authentication solution, in the form of an RSA key fob, a program on a smartphone that displays six-digit codes that change every 30 seconds or so, or a one-time password sent via text to a cell phone.
Also, encryption of sensitive data stored in the cloud is more important than ever, preferably with encryption keys that are managed by the customer, not the vendor. Using that methodology, the cloud services provider is unable to access any sensitive customer data.
What’s the most critically sensitive data in the public cloud currently?
Both Amazon Web Services and Microsoft Azure have developed a section of their public cloud offerings that have achieved CJIS compliance, which stands for the Criminal Justice Information System. This system is used to store data about active FBI criminal investigations, and that data may be shared with state and local law enforcement agencies. This is data that could literally result in loss of life if it fell into the wrong hands.
Don’t recent breaches, such as the Office of Personnel Management (OPM) hack, show that these systems are not as secure as you make them out to be?
Not at all. The OPM hack resulted in disclosing over 5 million fingerprints to the bad guys. The reason those fingerprints were compromised had nothing to do with the public cloud or any data center infrastructure. It had everything to do with the fingerprints not being encrypted while stored in a database. There is a lot of misinformation going around about security issues with Internet-facing systems that have nothing to do with data that is or is not, in a public cloud.
Where will the public cloud be three years from now?
It will be at the core of many, perhaps most, small-and-medium-sized companies’ data center needs, and will help augment capacity for peak loads in almost all larger companies. I believe some Fortune 1000 companies will adopt the cloud as their primary data center, similar to the SMB space.
Embracing the cloud
As Bryce highlighted, cloud computing has changed the way companies interact with their customers, strategic partners, vendors, and employees. And it has impacted our personal lives as well. YouTube, Google, and Twitter have changed the way we communicate, shop, educate our children, and more. Given the advantages it can bring, cloud computing should be a core strategic asset for your company. Don’t let this opportunity pass you by.
Watch my full video interview with Bryce Austin to find out more about how companies leverage cloud technology to improve competitive advantage. You can also learn about other IT thought leaders who are changing the dynamics of the business enterprise in my Strategic CIO Series.
(Author’s note: Bryce Austin speaks regularly on the subject of cybersecurity and is an acknowledged expert in the subject. On a personal note relative to security, Bryce is a weekend high-speed track driver and coach. He has more than 15 years of experience on the track, and has driven cars as diverse as an 85-horsepower Saturn, a 600-horsepower Porsche 911 Turbo and a 650-horsepower Corvette. Bryce has had over 50 students — none of whom died while under his instruction. Bryce can be reached at firstname.lastname@example.org.)
This article was originally published at CIO.com.