Daniel Flax, CIO at investment banking and financial services firm Cowen and Co., relies on cloud computing to automate his company's sales activities. While he's satisfied with cloud technology's potential to lower upfront costs, decrease downtime and support additional services, he admits that he has had to work hard to get a handle on the emerging technology's security weaknesses. "Security is one of the things we've had to come to grips with," he says.
Evan Jones, owner and IT chief of interactive production company Stitch Media, located in Toronto and Halifax, Nova Scotia, is also concerned about cloud security. "It's a scary concept when you just hand all of your important company data over to a third party," he says.
Like a growing number of IT managers, both Flax and Jones are beginning to realize that cloud computing doesn't offer companies a free ride when it comes to security . A Gartner report released last year identified concerns about risks in several areas, such as data privacy and integrity and compliance management, that should give pause to anyone thinking about rushing into cloud computing.
"Enterprises, particularly those in regulated industries, need to weigh both the business benefits and risks of cloud computing services," warns Jay Heiser, a Gartner analyst.
One of cloud computing's biggest risks arises from its very nature: It allows data to be sent and stored just about anywhere -- even divided among locations around the world. While data dispersion helps give cloud computing a cost and performance edge, the downside is that business information can land in storage systems in locales where privacy laws are loose or even nonexistent.
Flax, who is using Salesforce.com's Force.com platform to automate Cowen's global sales systems, says the best way to ensure that data steers clear of risky destinations is to work with a cloud vendor that is a public company and is therefore required by law to disclose how it manages information.
Salesforce.com is publicly traded, and "as a result, we have a sense of comfort that there are strict processes and guidelines around the management of their data centers," Flax says. "We know our data is in the US, and we have a report on the very data centers that we're talking about."
Agora Games, a company that builds Web communities for video game players, currently has no say on the matter of where its cloud computing provider, Terremark Worldwide, hosts its data and applications. But that will be changing in the near future, says Brian Corrigan, Agora's chief technology officer.