High-Performance Computing
Security Risks Hiding in the Clouds
For some, cloud computing is 'perfect solution,' but vendors may not be ready for risks
July 28, 2008
One of the chief attractions of cloud computing is that firms don't have to worry about where or how their processing work gets done, but that is also its biggest risk.
A high-profile example of cloud computing comes from Google, which allows small businesses to host e-mail, word processing, spreadsheets and presentations on its free application servers. Users can collaborate and share documents from any computer with an Internet connection.
With models such as Google's, "processing power is located all over the world," says Stephen Catanzano, CEO of Safecore, a Burlington, Mass.-based provider of hosted e-mail storage. Before adopting the technology, he says, financial firms should find out where their files will be stored and how access is controlled.
Safecore is audited regularly by customers (it has about 100 financial services clients) and by outside vendors. But even small firms that can't afford to do full-scale security audits should ask potential cloud providers tough questions.
Rich Schuette, partner at boutique financial planning firm MJL Advisors, did just that when his firm decided to stop managing its own technology infrastructure and move everything to the cloud. "One morning my partner and I looked at each other and said, 'This network is a pain - we should do something about that,'" explains Schuette.
Schuette decided to start with e-mail, getting rid of the Santa Barbara, Calif.-based firm's Microsoft Exchange server, which used to sit in his office. "There were cleaning people and building people who had access to my office, and ultimately had access to that server box," he says. The computers that handle MJL's e-mail are now in a secure facility operated by Thousand Oaks, Calif.-based Cloudworks. "The servers reside in a locked room with video camera surveillance, passwords," says Schuette.
According to Cloudworks, which also provides automatic backups and disaster recovery, its servers sit in a raised-floor room with an uninterruptible power supply, backup diesel generators and contracts that ensure fuel for the generators. The facility is guarded, door locks require both access cards and hand prints, and clients can request that their data be encrypted or kept on different servers than other customers'. There's also built-in resiliency: if a server goes down, another one immediately takes over.
Schuette says the cloud-based e-mail system is an improvement, offering BlackBerry capabilities and superior Web mail, and Cloudworks works with the compliance department to ensure proper supervision of communications.
Since migrating its e-mail last summer, MJL has moved all of the company's IT functions to Cloudworks. "They're maintaining all of our software licenses now, upgrading all our software, including the proprietary stuff," he says.
"We run all their applications and manage all of their data," explains Mike Eaton, CEO of Cloudworks. "The browser image becomes your entire computing environment - calendar, accounting system, e-mail." Cloudworks, whose typical clients are small to midsized brokerage firms and financial advisers, is used to working in highly regulated environments, says Eaton. Founded in 1997 as consulting firm Atticus, the company launched its hosted computing offering three years ago and in November rebranded itself.
Though Cloudworks is addressing areas such as physical safety, the logical security of the data, and regulatory and compliance issues, other cloud computing risks can be trickier to identify. Vendors can say that they keep customer data isolated, but programming holes could allow access to private data.








