But here we are.
When you think of a rainbow, what adjectives come to mind?
How about hope and clarity?
And who can forget the biblical account of Noah and the Ark?
Those 8 folks according to the story must have relished that rainbow after it rained for what must have felt like forever.
And not only did they survive the flood, God sent them the rainbow to comfort them by letting them know that they were the only survivors.
And, not only did they survive;
They were safe and secure.
In Cloud Computing, Secure Socket Layer (SSL) is that rainbow.
The advantages of Cloud computing are compelling:
- Significant savings on capital expenses
- Flexible IT Infrastructure by providing easy access to shared elastically allocated computing resources
- Reduction in the running cost of operating the network, which allows enterprises to focus on their core competencies instead of IT
But so are the risks to:
- Data Privacy & Security
- Regulatory Compliance
- Data Location
Concern over the security of an organization’s most valued asset–its data, continues to intimidate many would-be and actual Cloud adopters.
Data privacy and security requires that IT professionals recognize and pay tribute to the rainbow in the Cloud.
Not only will SSL provide peace of mind in terms of data segregation and security, it also hinders the accidental disclosure of protected or private data.
When regulatory due diligence and data access is automated, SSL encryption renders all sensitive data useless to any third party who tries to intercept or view it.
Why is this important?
On November 14, 2013, I gave birth to Baby Rachael. I have had to hire nanny care. My nanny and Administration for Children’s services holds me responsible for meeting all her needs regardless of how much I will have to pay for child care services.
Cloud providers are nannies.
When an organization outsources IT to a cloud service provider, the organization is still responsible for maintaining compliance with SOX, PCI, HIPPA and any other applicable regulations.
Consequently, the enterprise will be held liable for data security and integrity even if it is outsourced.
Since the enterprise IT manager cannot rely on the cloud provider to satisfy the regulatory requirements, the enterprise must require the cloud provider to seek some compliance oversight, which is the second area of risk in the cloud.
And how does SSL address Data Location–the third area of risk in the cloud?
Think Iran or North Korea.
Organizations want to thrive in the American economy. They do not want to be known for or be penalized for having even mild flirtations with countries on the ‘forbidden list.’
The public cloud permits the ubiquitous access to data. A very good thing.
But this very good thing turns ugly if it is discovered that an enterprise is engaging in illicit relations by having its servers in countries like Iran or North Korea.
A fling with a country like Iran is easy because the public cloud lends itself to such clandestine operations by virtue of its culture.
Cloud computing is a double-edged sword.
Furthermore, a legitimate third-party SSL provider will not issue an SSL certificate to thugs. North Korea and Iran are international thugs.
And as long as the cloud provider requires trusted authentication and encryption on all their servers through SSL from a certificate authority, an enterprise will know that the cloud provider isn’t storing their data on IT hardware in these countries.
Choosing a cloud provider with confidence is important but recognizing the rainbow in the cloud will always be the responsibility of the enterprise.
- Source: Gartner EXPWorldwde Survey
- Source: IDC exchange
