Executive summary
In today’s challenging economic climate, a growing number of organisations require more capable and flexible IT resources; they also need to reduce costs. Cloud computing seems to offer a ‘win-win’. However, the cloud is becoming an attractive target for hackers and criminal gangs and, despite the assurances of competing service providers, may actually fail to deliver on promised cost-savings or be suitable for mission-critical operations. Rather than being swept away by the storm of hype, organisations must look objectively at their business processes and systems to determine how the typical cloud model can be adapted to meet their key security, cost and operational concerns. Only then will they be in a position to build an IT solution which is commercially and operationally viable.
Rather than being swept away by the storm of hype, organisations must look objectively at their business processes and systems to determine how the typical cloud model can be adapted to meet their key security, cost and operational concerns.
Storm clouds are brewing
The effects of a deep global recession have combined with recent advances in information technology to create a ‘perfect storm’ for cloud computing – a storm of marketing propaganda whose effects are strengthened dramatically by the combination of an ever-growing business dependence on cyber space, increasing demands on IT systems and a global mantra of budgetary prudence.
A growing number of cloud service providers are offering customers the potential to generate sizeable, longterm cost-savings, increase the capacity, agility and flexibility of their IT systems, and provide a much-needed standard IT platform across their business. Their marketing efforts are being met with considerable success: cloud-based services already account for around 7.5% of the £8 billion UK software market and this is forecast to double by 2012. A recent European survey by the Information Systems Audit and Control Association (ISACA) suggests that 40% of companies in the UK are already using cloud computing systems.
However, the importance now being placed on cloud computing by so many organisations is not lost on a new generation of hackers, organised criminal groups and maliciously entrepreneurial insiders. With the potential for every cloud to contain valuable data from not just one but several organisations, they may be a target too tempting to pass up. As a consequence, the cloud is now exposed to significantly increased cyber security risks. Recent examples of deliberate theft of personal data from government institutions and large commercial organisations in the UK demonstrate a lack of appreciation of this risk or awareness of the value placed on cracking IT systems by criminals.
