Firms need to get over their fears and dive into the cloud

19 Aug 2010

Cloud computing is set to be mainstream in the business world in the coming years. Dr Giles Hogben is programme manager for secure services at the European Network and Information Security Agency (ENISA).

What is the strategic imperative that would drive businesses across Europe to embrace cloud computing?

Cost, flexibility and the ability to focus on your core business.

It has been said that within two years cloud computing will be mainstream. Do you agree?

Many organisations I speak with already see it as a strategic imperative. The biggest reason holding people back is the lack of comparable information about the security practices of providers. This is not a criticism of the providers. The problem is more that there is currently no standard way of assessing a cloud provider’s security offering.

Is there an information gap?

In nearly every case, all we can do is read some security white papers on the provider’s website and hope for the best. This is a problem for the providers too because they can’t realistically answer a detailed security questionnaire for every customer, and even if they could, we only have their word for it.

Some of the security-related tasks which are very well understood in traditional infrastructures are still problematic in the cloud. For example, management of cryptographic keys is difficult in the cloud since keys generally have to be stored off the cloud and responsibility is delegated to the customer.

One of the biggest fears preventing SMEs from adopting the cloud is fear over data integrity. Do you think this is well founded?

We did a survey of SMEs including this question and found that although this is among the top concerns, loss of control over data is the greatest fear. As for data integrity, you have to ask yourself the question of whether data integrity would be better protected in the current SME set-up or moving into a cloud provider who can in many cases afford much better integrity protection measures.

Again, it depends on the application. For highly real-time applications such as gaming and financial transactions, there can be issues of maintaining integrity across highly distributed systems, but these will hit you even if you keep these solutions in-house (but you might have better control and visibility to deal with them).

Are governments well positioned to exploit cloud computing?

In general, governments have to be a lot more cautious about moving into cloud computing because they deal with more sensitive data and they often have rigid security requirements. 

The Irish Government is one of the most interesting cases – since Ireland hosts so many cloud data centres. It would be great if the Irish Government could be its own best customer, but this can only happen if due diligence has been done on the security considerations.

ENISA is neither an advocate nor a critic; we just want to make sure that people make well-informed decisions based on a sensible assessment of the risks and that they can take advantage of cost savings without increasing their security risks.

Dr Giles Hogben will be speaking at the Cloud Computing Summit at Croke Park Stadium on 9 September. To learn more go to

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years