New security threats, data integration, affecting cloud adoption
- 26 March, 2009 11:19
Questions around security, vendor openness and cost continue to hold back cloud computing adoption in Australia, according to analyst firm IDC.
Speaking at its Sydney summit on cloud computing in Sydney, IDC associate director of consulting Linus Lai, said the emergence of new pricing models, like paying by the hour, per user or per transaction, were creating cloud computing-specific security risks.
“Because you are charged on the number of transaction, say for a data base service, hackers have found a way to create false database transactions,” he said. “By doing this they can rack up a huge bill for the customer with the cloud computing service provider.”
This opened up the potential for hackers and organised crime elements to extort cloud computing users, Lai said.
With its ability to create virtual infrastructure on demand for use in software development and testing, among other uses, cloud computing itself was creating sandboxes for hackers, he said.
“A more malicious use of cloud computing is the fact that hackers can use virtualised infrastructure as a launching pad for new attacks,” Lai said. “Virtualised infrastructure is a resource, and with all resources, they can be used for good or bad.”
While 18 percent of Australian enterprises are using cloud computing in some form, and 38.5 percent considering using it, according to Lai, a lack of frankness from vendors about the true capacity of their cloud offerings was affecting cloud computing adoption.
“I challenge you today: if you ask any of the cloud service providers what their absolute limit of capacity is – and when are their services going to break – they are not going to tell you,” Lai said. “[Providers] will say their services is infinitely scalable. The allure of cloud computing is based on that illusion of the ability to infinitely scale. This is very different from the model of today which is based on capacity.”
Added to this, a lack of a critical mass of cloud computing suppliers and concerns that cloud services in the long run could cost more than paying for infrastructure and services up front were also factors, Lai said.
“There has been a lack of proper discussion about how cloud services can integrate with in-house data bases, business process applications and customer data.”
Angus McDonald, chief technology officer at Sun Microsystems ANZ, said interoperability was the biggest issue affecting cloud adoption.
“At some stage cloud providers will be the same as electricity providers – and that won’t happen unless there is interoperability locked in,” he said.
“The concept of vendor lock-in is now being applied to the cloud in terms of cloud lock-in, so you have to ask: how do you go from one cloud to another? How do you manage your security and backups?”
With organisations like Google and Amazon highly reliant on the speed of their Web sites for maintaining traffic and transactions, the level of performance of cloud-based services was also a potential inhibitor to adoption.
Alan Perkins, CIO at Australian headquartered electronic design software vendor Altium, and a user of cloud services from Amazon, Google and Salesforce.com, was more sanguine about cloud computing adoption, especially when it came to security and availability.
“Suppliers of security services do a better job of security than I as a CIO can do: you can penetrate our security with a hammer and ladder. Unless you are in the business of security then you shouldn't be doing it,” he said.
“The risk of a cloud provider going down is probably less than that of your own systems going down. You actually gain more control over your data by putting it into the cloud as you gain more control over the use of that data.”