On Cloud Security's "PR Problem"

David Linthicum reports on Cloud Security's PR problem, quoting a Harris poll that:

"One of the main issues people have with cloud computing is security. Four in five online Americans (81 percent) agree that they are concerned about securing the service. Only one-quarter (25 percent) say they would trust this service for files with personal information, while three in five (62 percent) would not. Over half (58 perent) disagree with the concept that files stored online are safer than files stored locally on a hard drive and 57 percent of online Americans would not trust that their files are safe online."

He concludes that:

"There is no easy answer to this problem, though a look to history can help. When the Web first hit businesses, it was feared and misunderstood until the business value became clear to all. This took years, and even today we use the traditional Web by taking the good (for example, the ability to find instantly the one piece of information that caps your presentation to the board) with the bad (the creepy guy down the hall who was caught surfing porn). The benefits outweigh the problems, and cloud computing will eventually find a similar path to acceptance."
http://www.infoworld.com/d/cloud-computing/cloud-securitys-pr-problem-shouldnt-be-shrugged-776?page=0,1

It is indeed useful to "look to history" here. Back in the early days of the Web, there was a lot of concern about sending private data over the web. People did not trust the public internet with their private data, and certainly not with credit card numbers. But was this a "PR Problem"? Not really, since the fears were justified. Users and organizations decided that the private data could never travel over the public Internet in the clear. So, it wasn't a case that users did not trust the public Internet with their data and now they do, but that they learned to put a mitigation in place which would allow them never to trust the public Internet but still use it for commerce.

So, with Cloud service providers, the logic is that customers should be able to put mitigation in place which would allow them to never to trust the Cloud provider with their private data. Even though vendors like Amazon and Google may be widely trusted, trusting them with your private data is another matter. It may never be possible for some users to allow Amazon or Google to store their private data, however trusted they are, simply because they are a third-party.

These mitigation strategies include selectively encrypting private data before it is sent up to the Cloud provider, and scanning traffic to the Cloud provider for privacy breaches. This is similar in principle to how SSL encrypts the private data before it is sent over the public Internet. The task is not to solve Cloud computing's security PR problem, but instead to allow it to be used in a trusted manner. The key to this is the Cloud Service Broker, which brokers the connection to Cloud services and applies trust by selectively encrypting and scanning the data sent up to the Cloud provider.