Companies love the elastic nature of cloud services, yet they have grave concerns about the security of such resources. One of the biggest barriers that companies have to get past when it comes to cloud services is finding that critical balance between security and elasticity--and then moving the company's IT infrastructure in the most appropriate direction.
The Allure of Cloud Elasticity
A tantalizing benefit of cloud services is the ability to size resources quickly based on needs. That means that, instead of having expensive computer equipment sitting idle in a company's data center waiting on the busiest times, the company can lease space and services from the cloud as needed. So, when demand is low, cloud services scale down; when demand goes up, so does the use of cloud services. This scalability cuts down on both capital and operating costs for companies.
This elasticity is almost a foreign concept to established companies with in-house IT infrastructures. The premise of the last 50 years of corporate computing has been the idea that computer resources are fixed: you have a server sitting in a data center that you use for a designated purpose. If you have a higher demand for a few months per year, you have two options in handling peak demand times: buy a bigger server or get a second one. For the rest of the year, the unused capacity sits idle. That is an inefficient and expensive use of company assets.
The Concern of Cloud Security
Transitioning to cloud computing can be difficult for many companies. One concern these companies have is a perceived lack of security with cloud computing. These companies are used to having private computer assets secured from any outside intrusion. Even when the companies lease equipment in outside data centers, they still have dedicated discrete assets assigned only to their company. This allows them to meet internal and external security compliance requirements without thinking beyond their own infrastructure. Therefore, it's no surprise that many companies point to this security fear to avoid using the cloud altogether or to limit its use severely.
Securing cloud services is different from securing private IT infrastructure. It requires securing both the cloud services and the internal services so they stay in collaboration and do not allow outside interference. The good news is that cloud service providers are coming up with new technologies and protocols constantly to address this need. One example of this is split key encryption-- which uses two encrypted streams, one for upload and one for download-- to pass information between the cloud and internal business assets.
Striking a Balance
Finding the balance between the cloud's elasticity and a company's security requirements is an ongoing challenge. The first requirement is getting beyond the traditional mindset around many enterprise IT infrastructures. It means rethinking how companies use IT, how they budget for it, and how they staff it.
Companies that want to leverage the cloud's elasticity and value need to identify what internal systems would work well in a private cloud. Then, they have to create the budget and projects needed to make that transition. For most companies, this will take time. Yet, for most companies, the time, money, and effort are well worth it.