What are we trying to protect in Cloud Computing?

We often hear about Cloud computing being a “change in paradigm” in information technology. Some mention the ‘pay-per-use’ mode of usage, while others talk about the ‘elasticity of resources’. However, from the security and trust perspective, one subtle but significant paradigm change is often left unnoticed. And that is the shift from the focus on systems to the focus on data.

 

What does this mean? In the past, IT owned systems and were responsible for the upgrading, maintenance and the security of these systems. However, with public Cloud computing, systems are owned and maintained by Cloud service providers and no longer by individuals or enterprises. Since they do not own these systems, end-users do not treat them as top-priority assets and naturally are less concerned about their health and integrity.

 

As a result, Cloud computing end-users have only one real asset left to protect: their data. When using public Clouds, end-users transfer their data into the hands of the Cloud providers. This perceived transfer of control is also the reason why there is resistance amongst industries handling sensitive data (e.g. public sector, healthcare, etc) to move into public Cloud technologies.

 

With an awareness of the data movements and information lifecycles in the Cloud, there will be a strong basis to mitigate several concerns about data leakage and loss in the Cloud. I did a simple poll during a recent Cloud computing workshop asking attendees which do they wish Cloud providers to protect more? Data or systems? You know the answer.

Comments
JudyRedman | ‎08-17-2011 08:27 AM

Hello, Ryan:  I’m a fan of the work your team is doing on TrustCloud and wrote about it in a recent post entitled  “Keys to Achieving Trust and Accountability in the Cloud”  that might be of interest to those reading this post.  

I’m looking forward to more posts from you on the great work being done at HP Labs Singapore.   JR

RyanKo | ‎08-18-2011 09:32 AM

Thanks Judy for your kind support! 

Nadhan | ‎08-18-2011 02:53 PM

Ryan: It is no surprise that data is the key asset being protected in the Cloud.  One of the "Rights" I call out in the Cloud Transformation Bill of Rights is the "Right Application".  You will see that three out of five characteristics that define the "Right Application" have to do with -- you guessed it -- data.

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
About the Author
Dr. Ryan K L Ko is a researcher with the Cloud and Security Lab, HP Labs Singapore. He currently leads HP Labs' TrustCloud project and Cloud...


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation