Cloud computing can provide a great low cost solution for small businesses wanting to scale up their IT. But for many SMEs security remains a concern.

Cloud computing can provide a great low cost solution for small businesses eager to scale up. But for many SMEs the security aspect remains a concern.

For Andrew Showman, MD at online retailer UK Digital Cameras, the cost benefits of cloud-based technology seemed a no-brainer. ‘As we started to grow I realised that we needed a proper call centre solution, but the hardware cost of doing that would have been £8,000 to £9,000.’
 
Instead Showman opted to access the system through the cloud. ‘We pay less than £500 per month and for that we get a great level of functionality. And as it’s routed through our normal phone lines it means if an agent wants to work from home it can be re-directed through their landline,’ he says.

His single concern was the financial stability of the provider. ‘If they went bust our information would disappear with it, but I have been careful to do my research.’

Determining the quality of cloud computing vendors

Gary Wood, a research consultant at the Information Security Forum, says that if a business is unsure about the company’s stability it could always go with a well-known name: ‘Some of the smaller providers are less likely to be stable, but organisations like Salesforce.com and Amazon aren’t going to disappear overnight.’

Andy Burton, CEO of hosting provider Fasthosts, adds that assessing the viability of a cloud computing vendor before signing a contract should form part of any IT procurement process. ‘There are certain things that you should try to find out about an organisation, so you can gauge the real-world attributes of that business. Such as doing a credit check or establishing where exactly their data centres are located, if they own them and if they are co-locating.’

The Cloud Industry Forum has already developed its own certification system for determining the quality of cloud solutions vendors based on transparency, capability and accountability. The hope is that this will lead to a list of approved vendors, something that will become increasingly important as less renowned providers enter the market. ‘It’s about trying to get as much transparency as possible about what’s being delivered into the market,’ says Burton, ‘so people will be able to make an educated, rational decision.’

Security in the cloud

The risk of data theft is fairly minimal, as it’s in the interest of the vendor to enforce data security, adds John Colley, director of security professionals association (ISC)2.

‘In terms of protection, the cloud provider has more riding on its services not being compromised than any one individual customer has.’

Security concerns are ‘fundamentally the same’ for cloud as for on-premise infrastructure, says Garry Sidaway, director of security strategy at IT consultant Integralis. ‘But as an organisation, you’ve got to start extending these principles [into the cloud].’

Some businesses are even beginning to see the cloud as a security benefit. An investigation by standards body The Open Group found that some members had adopted cloud services as a way to overcome the lack of security of their own infrastructure.

It’s a point Showman agrees with: ‘In terms of security, I imagine they do a better job of managing the system and keeping it secure than we would ourselves. We’re also thinking of moving our back office into the cloud too, as having it properly stored seems a much safer solution.’

See also: The cordless air mouse