Skip to navigation
Skip to content
College of Business
AACSB International EQUIS - European Quality Improvement System

Does Cloud Computing Cause or Cure Data Security Problems?

Prof. J. Leon Zhao

Prof. J. Leon Zhao
Ph.D., Head and Chair Professor of the Department of Information Systems
Contact: jlzhao@cityu.edu.hk
Written by Prof. Zhao

Deciding whether or not to adopt cloud computing services* has become a strategic decision in business organizations and other institutions (Byrne 2012). Among the factors to making such a decision is the concern about data security issues (Alexander 2008). In this short article, I would like to share a perspective on the potential impact of cloud computing on data security.

As well known (Oracle 2013), data security problems may be classified into three types: Confidentiality, Integrity, and Availability. The causes of data security breaches can be categorized as people-related causes and system-related causes. Let’s use this framework to discuss the potential impact of cloud computing on data security. However, this analysis is a generic study, and data security issues may vary across industries and across companies. For instance, data security issues of a large public hospital should be very different from those of a small financial brokerage firm.

The table below shows a contrast of data security capabilities in a two-by-two array. People-related security problems include the lack of training, lack of vigilance, loss of computing devices, data thieves and hackers, and intentional sabotages. System-related security problems include outdated technologies, lack of system upgrades, access control loopholes, irregular backups, and networking attacks.

Security Problems In-house Data Centers Cloud Computing Services
People-related
  • Confidentiality: direct personnel control
  • Integrity: better business control
  • Availability: better local access
  • Confidentiality: better professional training
  • Integrity: stronger technical control
  • Availability: better networking professionals
System-related
  • Confidentiality: better sense of needs
  • Integrity: better knowledge of rationale
  • Availability: Higher cost per data unit
  • Confidentiality: stronger intrusion detection
  • Integrity: better access control algorithms
  • Availability: Lower cost per data unit

In general, cloud computing providers should have stronger capabilities in providing better data security at the data storage end. On the other hand, cloud computing providers cannot control data security issues directly at the user end.

The emergence of cloud computing is a natural step of economic progression towards higher productivity by transferring the data processing tasks from in-house data management teams into the hands of a fewer number of data management contractors equipped with a new generation of data processing equipment. This is an ongoing business transformation that will take the next twenty or more years to complete.

In fact, “not adopting cloud computing” will disappear as a real option. However, the issue is to choose which part of the company data into cloud computing. In this regard, business schools will need to teach managers how to make such decisions when adopting cloud computing as part of the strategic planning since their decisions will affect all users of the company including customers, employees, and business partners.

Clearly, data security is a valid concern of business managers that the cloud computing industry will have to resolve. Nevertheless, this new round of information revolution will lead to more productive and agile business organizations; those companies who cannot survive this cloud computing transformation will be left behind to wither.

References:

  1. Alexander, Philip, Information Security: A Manager's Guide to Thwarting Data Thieves and Hackers, Greenwood Publishing Group, Inc., 2008.
  2. Byrne, Emma, Are Cloud Data Security Fears Overblown? A Sensible View. Forbes, 12/12/2012 (http://www.forbes.com/sites/netapp/2012/12/12/cloud-security-1/).
  3. Calder, Alan and Steve Watkins. IT Governance: An International Guide to Data Security and ISO27001/ISO27002, 5th Edition, Kogan Page Limited, 2012.
  4. Oracle Corporation, Data security challenges in Oracle Security Overview, retrieved on 8, April 2013 (http://docs.oracle.com/cd/B12037_01/network.101/b10777/overview.htm).

Note:
* Cloud computing is the use of third party computing resources (hardware and software) that are delivered as a service over the Internet. Top cloud computing providers in the US include VMware, Microsoft, Bluelock, Citrix, Verizon, Salesforce.com, Amazon Web Services, etc.

 

[ Back ]