Gartner and IBM say cloud computing will skyrocket in 2009. Microsoft is more reluctant but coming along as well. Several news sites report that 2009 will be the year of enterprise cloud computing, but others are unable to spot the next salesforce.com, requesting it to come out of the cave. Why? I believe that security concerns are the biggest hurdle; IT departments do not trust that services in the cloud are secure enough. I am not talking about uptime and availability, which is also a needed discussion, but about viruses, hacking, information leaks and so on. OK, Gartner sees this as well, but they still predict “sky rocket growth” three quarters of a year later – I am not convinced, and I consider myself innovative – I dare not think about conservative 50-year-old CIOs.
Viruses in the cloud, you've got to be kidding? Well, last week the Norwegian Police went out of business because of a virus brought to them by MSN. Phishing attempts are a well-known problem, and the “fatter” the account you can phish or hack, the more vulnerable it is. When Barack Obama runs a teleconference in the cloud, God knows who listens to that.
Hacking in the cloud? Well, the first is social hacking; it has always been and probably always will be a problem, but when running on level one security (username and password) there is no doubt that it is not good enough; getting someone’s password is just too easy. I have heard of 13-year-olds hacking MSN accounts. And one expects enterprises to jump onto this by storing mission-critical strategy documents? No fucking way! Maybe you could get around this with solutions like defined IP ranges, VPN solutions, RSA code calculators and so on, but then the usability (and thus the usage!) starts to drop, people start complaining, the money starts running out anyway, and the IT department has it going. Norwegians have used internet banking since around 1998; when I visited Poland in 2003, long queues of bill-paying Polish men and women were standing outside the banks. They had no trust in online banks, and thus were not using them. The same goes for US consumers, who use checks to pay bills. I am 25 years old, and can barely remember checks in Norway. Yes, Norwegians have great trust in banks, but then, BankID has never been exploited in successful large-scale hacking attempts, and banks have spent millions on campaigns building user trust.
Information leak? Not long ago I heard about EmailXtender, a plugin for Outlook that helps you search for lost e-mail. The company in question had set it up wrong, so all incoming e-mail was searchable from every employee's computer. What if the same thing happened to salesforce, and suddenly some competitor could see all of someone else's leads? Often you want to share with people outside the company, but not always. The “not always” unfortunately is a must-have, whilst as long as email, Google Documents and public CMS systems work, the other is a nice-to-have. You get to share your documents and texts somehow anyway.
All right, I admit it, I am very critical towards enterprise cloud computing, but I realise that I might “look like a server hugger who wants to sleep with a copy of my data under my pillow”. Why am I critical? I have spent two years working for Steria and visited several customers, and security concerns are always an issue. Now, it may be that Steria has a traditional view of this, we even promote and sell security consulting, but no one has yet proven to me that security is taken good enough care of when it comes to cloud computing. That said, I love the many fantastic new services developed out there like doodle, vyew, etherpad, comapping and so on, just do not even consider using them when you are hosting a discussion that needs a higher security level – yet!