Weighing the Value of SecurityBy Dennis McCafferty | Posted 2010-04-08 Email Print
Business and technology managers may be uncertain about the differences between public and private clouds, but they need to get up to speed very quickly because the demand for cloud computing is increasing at a fast clip.
Weighing the Value of Security
Security is another big issue in the cloud debate. IT and business departments will often weigh the need for balance between cost and convenience on one hand and data security on the other. Of course, all organizations value security, but some have a higher threshold for potential violations than others and require a need-for-speed strategy to survive.
An enterprise that handles high-transaction/low-security or low data value is well-suited for the public cloud, says Aninda Bose, who has analyzed both cloud structures as head of strategic sales and marketing at NIIT Technologies and as a member of the Project Management Institute, a nonprofit research organization. For example, if a local government office wants to tell you that your car registration is up for renewal and just needs to give you a renewal date, that would be perfect for public cloud hosting, he explains.
In contrast, a financial institution, health care provider or federal agency might choose the private cloud model, given the sensitivity of their data. “Accounting treatments and taxation applications are not yet fully tested for public cloud services,” says Mark White, principal with Deloitte Consulting. “So enterprises with significant risk from information exposure may want to focus on the private cloud approach.
“This caution is most relevant for systems that process, manage and report key customer, financial or intelligence information. It’s less important for ‘edge’ systems, such as salesforce automation and Web order-entry applications.”
The Orthopedic Institute, a Sioux Falls, S.D.-based medical-practice company that’s very data-dependent, concluded that the private cloud structure best suited its needs, especially since it must comply with strict Health Insurance Portability and Accountability Act (HIPAA) rules for protecting patient information.
Originally, the Orthopedic Institute was just looking to change its domain name from Ortho-I.com, explains IT Director David Vrooman. But when it explored possibilities with MaxMD, the exclusive provider of .md domains, it found that MaxMD could also provide private cloud services for highly secured, encrypted e-mail transmissions—and the cost of entry was less than doing it in-house.
“We didn’t want to use one of our servers for this because it would have amounted to a $20,000 startup cost,” Vrooman recalls. “By going with a private cloud option, we launched this at one-fifth of that expense—and it only took an afternoon to get started.
“It would have taken at least a week for my staff and me to get this done. And because MaxMD has taken over the e-mail encryption, I’m not getting up at 3 a.m. to find out what’s wrong with the server.”
But some industry experts say the traditional views about cloud computing and security may be shifting—even within organizations that are dependent on highly secured data. For its business resources-providing subsidiary, CPA2Biz, the New York-based American Institute of Certified Public Accountants wanted to provide its 350,000 members with access to the latest software tools.
Working with Intacct, CPA2Biz created a public cloud model for its CPA members. Since the program was launched in April, concerns about security have been addressed, and hundreds of firms are supporting an estimated 2,000 clients through the public cloud services offered through CPA2Biz.
“Only those in the largest of member organizations would be able to consider a private cloud system,” says Michael Cerami, vice president of corporate alliances at CPA2Biz. “Plus, we don’t believe there are security advantages to a private cloud system.
“We’ve selected partners who operate highly secure public cloud environments. This allows us to provide our members with great collaborative tools that enable them to work proactively with their clients in real time.”