Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

  1. Home
  2. Data-centers
  3. Six-ways-fail-cloud
  4. Page
  5. Six Ways To Fail In The Cloud: Page 2 of 5
Data Centers

Six Ways To Fail In The Cloud: Page 2 of 5

Our 2011 InformationWeek Analytics State of Cloud Computing Survey shows a 67 percent increase in the number of companies using cloud services, up from 18 percent in February 2009 and 30 percent in October 2010. IT now has a choice: Grab ownership of what's poised to be a core part of the enterprise technology toolset, or shortchange key functions and set ourselves up for disaster.
January 24, 2011

Security: Safety First
"We won't be involving our security team in this project until the last possible moment, because the answer will be 'no.'" That from a VP at one of the largest retailers in the world. He's evaluating a cloud-centric initiative that could dramatically improve the company's operations, and he went on to say that bringing the CISO in without building the entire plan beforehand is a death knell for any project.

Think this isn't going on in your shop? Keep sipping the happy juice. This VP guaranteed that end runs are standard practice among his peers. And the standard mantra of "it's against compliance rules" won't only make you seem out of touch--you may well be wrong. PCI 2.0, the rules that govern the security of credit and debit card data, was just released and has little specific guidance for cloud computing per se, but it does lay out clearer rules relating to off-premises transactions. In addition, Amazon recently announced that its Elastic Compute Cloud is certified for conducting Level 1 transactions; the company will begin offering that service this year. The next official PCI standard will likely have in-depth rules for cloud computing, but it won't be released until 2013.

Security teams take note: There's a new set of guidelines, and a major cloud vendor has a platform certified for some level of transactions that are subject to PCI rules. If you think saying "wait until 2013" is a good move for your business, consider polishing up your resume.

The better answer is providing forward-thinking security and connectivity guidelines that people outside IT can understand and use. Make sure your guide covers all the policies you've established and explains the outside compliance areas you're forced to adhere to. We discuss the seven key areas that must be included in a cloud policy in our full Analytics Report.

figure-2.pngConnectivity: The Right Connections
Just 29 percent of those using or planning to use a cloud service have scoped out the architectural impact on their Internet infrastructures. You should be running these numbers before engaging any cloud provider.

Tags:

News
Data Centers
Cloud Infrastructure