When the internet was established, there were entire legions of people that apparently believed that simply using the web would grant supposed criminals access to their most personal data. In fact, there are many who still believe that shopping via the internet is extremely dangerous. Sure, there are unscrupulous individuals on the net that might be looking to target someone; but how is this any different from real life? The simple fact remains that crime is carried out every day in the physical world, and on a much larger scale than what's found on the internet. Does this mean it isn't safe to leave the house anymore?

So, why am I regaling you with supposed tales of (online and offline) criminal acts? It is because cloud computing is suffering at the hands of hordes of people who believe it is a trick or trap. I suppose it is human nature to fear (and sometimes lash out) at what we don't understand, and cloud computing is apparently something that most people can't even comprehend of. It (cloud computing) is often placed in an unflattering light, whereupon it is routinely denigrated for being a novel new technology which is still under development. In other words, it is purported to be half-baked or only useful for non-critical tasks. Critics should take note: cloud computing is not merely an aberration; it is an extension and evolution of grid computing and networking. That's right folks, the technologies found in cloud computing are in most cases a rearrangement or rethinking of those found in grid computing / networking.

Despite the furor on the net over the supposed major security issues inherent in the design of cloud computing, we've yet to see any major events take place. Sure, there will always be mishaps, but critics of cloud technology seem to believe that its emergence will become a field day for data thieves. First off, there is no such thing as a completely secure completely secure computing system for the internet. Sure, you can institute policies, use bots or personnel to track activity, create compliance standards, limit access, or one of a million other things; but the truth remains that no system connected to the net is 100% secure. This of course includes both grid and cloud computing. Perhaps in the future, new developments will lead to discovery of a system that can be deployed which ensures total security, but that hasn't happened yet.

Compliance with standards, particularly international ones, is another big concern among both opponents and proponents of cloud computing. The big fear is that clouds will begin springing up in every far flung corner of the globe, with absolutely no form of control mechanism in place to ensure that certain standards are met. The ability of cloud computing to meet compliance standards is an essential one, and is an area that deserves more attention.

Why is compliance such an important issue? Let's say you have a company that requires a comprehensive computing solution; so, you enlist the services of a cloud provider (perhaps found via google). What you don't know is that your provider has remotely located / positioned resources (maybe in a foreign country/principality); this wouldn't be a major problem if not for a lack of international standards with regards to the sanctity of your data. For example, what happens if your data is lost or compromised? Without an international compliance standard in place, you have no legal right to contest, sue for damages, or even retrieve your data. In fact, if a foreign government decides to seize your data, it may be able to do so. This is of course the reason why so many individuals are working toward developing the kind of international compliance standards that are needed to protect client/user interests. Compliance standards are also a great way to ensure and measure a cloud providers actual specifications, or ability to deliver on proposed services.

While the security issues surrounding cloud computing seem to be intentionally misleading and slightly blown out of proportion, there is some credibility to those claims calling for the development of (additional) compliance standards. However, even with a lack of definitive compliance standards in place, cloud computing can (and is) still superior in many regards to grid computing / networking. What's the solution? Try to choose a cloud provider that has both an established reputation and the financial backing to support it. Only an organization with a great track record, the resources to ensure uninterrupted service, and an understanding of basic security principles should get your business.

Eventually, all of these perceived security and compliance issues will fall by the wayside; it's just going to take time for the systems to be developed and the standards to be fully instituted.

+++