By Eden Estopace | Apr 11, 2011
MANILA -- There is no single driver for adoption of cloud computing among organizations but for cloud services to take off working models are needed. This was the consensus of government executives and IT professionals who attended the Kaspersky Lab's Executive Roundtable on Cloud Services held in Manila recently.
Rep. Sigfrido Tinga, chairperson of the House Committee on Information and Communications Technology, said the whole change in the demographics of the market is a great opportunity for cloud computing and cloud security. However, it is important to have a working model for the concept.
"It is not really anymore an issue of what cloud computing is but more on what can cloud computing to do. People want to see how it can improve things," Tinga says.
Technology, he explains, has changed from being a one-way tool to something that everyone uses. Everything is two-way now, whether it is on the media side through crowd sourcing, or the business side through business process outsourcing. You cannot have a technology rolled out that is focused on headquarters shooting if off to consumers.
Amado "Jun" Malacaman Jr., VP, Information Systems Society of the Philippines (ISSP), affirms that cloud computing is already in use to a certain extent in the business environment or even in the government, but people are not really aware that it is cloud computing. "Let's not define it but allow people to use it, put it in their hands," he says.
As in many parts of the world, however, security is a key concern for cloud services, the main issues being the confidentiality, integrity and availability of data.
"A lot of businesses are thinking of using the cloud, realizing its advantages such as being shielded from the high cost of infrastructure, technology obsolescence, processing capacity," says Angel Averia, President, Philippine Computer Emergency Response Team (PH-Cert). "But in going into the cloud, a third party as a service provider comes in and it makes a difference when businesses have their own infrastructure and have full control of their data and set their own policies."
Just think of the bank, Tinga illustrates. "It used to be that when you are in the bank, they have to make sure that nothing happens to the customer and the money is secure. When you leave the bank, it is no longer their concern. Now, the entire transaction is something that they are concerned with -- from withdrawal of funds to customers' purchase decisions. They are part of the entire security cycle. Everything is so interconnected and unless you can string the whole transaction process together as a seamless business, you are going to be left behind."
Another view offered by Venkat Narayanan, Senior Vice President, Mahindra Satyam, is the coming to the workforce of the next generation or the "instant gratification generation", which more often than not, demands the use of mobile and embedded devices in the working environment.
"This has a big security impact because the device does not belong to the enterprise and when corporate data is synchronized in personal devices it creates implications on how data is transmitted or stored in the cloud," he says.
The usage of these mobile platforms is very elastic. The challenges are a lot more complex than the traditional cloud application because the personal devices interact with the corporate system.
There are however multiple ways of mitigating it, he says, such as using a remote device management platform where you can manage these devices using Security as a Service (SaaS).
In looking at cloud security, affirms Averia, it is still the same basics -- integrity, availability and confidentiality of data but one need to ensure that the measures are properly implemented.
Exploring cloud options
Bernie Bengler, Director, Cloud Services & SaaS, Kaspersky Lab APAC, defines cloud computing as a model for enabling convenient, on-demand network access to a shared pool of configurable computing services (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned.
He explains that there are basically three different cloud service models - Software-as-a-Service (SaaS), which is basically an application over a network; Platform-as-a-Service (PaaS), which deploys customer-created application to a cloud; and Infrastructure as a Service (IaaS), or basically renting old infrastructure to develop new applications.
"I have a simple approach to cloud security," Bengler says, "And that comes down to asking questions such as what do you want to do? What is the risk attached to it? What are the measures you can do to reduce the risk and what's your overall benefit. It's a very simple approach and it works."
The major differentiation, he explains further, is in the deployment models. Is it a private cloud, community cloud, public cloud and hybrid cloud?
"Public clouds work beautifully on saving costs but most likely not on the security side, but the internal clouds works the other way around; they are very secure but very expensive. Hosted clouds, however, can take bits and pieces of the good stuff and you can run something in the cloud very efficiently and save money," he says.
These days, he says the discussion on cloud computing has moved to what can organizations move into the cloud? It's basically a replacement of the current process but a lot of things that deal with cloud computing is completely new and not possible before.
The barriers to cloud community on the security side and the benefits on the operations side, notwithstanding, Calix Enggay Jr., Aboitiz Transpor System, shares that IT professionals like him are already preparing for the cloud. However, he says the cloud is really a strategy of the management.
"Having the IT in the cloud means two things-- to be agile and provision as fast as you can and to cut cost. For us security professionals, we have to align with the management, we have to design our ERM, and we have to design the focus of the organization and our information assets. Probably, it is a matter of time," he says.
Many organizations, says Malacaman, have not adapted cloud computing because they haven't felt the need. You must have several forces working together to make organizations see that need.
"Unless it is a necessity, we (the Philippines) are not an early adaptor," affirms Tinga. "The reason why mobile phones got rolled out very quickly is because landlines weren't there to service the community."
As one of the biggest consumers of IT, does the government see the need to move into the cloud?"From what we are seeing, the government knows and understand that there is a need to put some effort in ICT, but how much effort, that's up for debate," says Tinga. "If there is one way for this country to leapfrog and become a developed nation, we can bet big time on all these -- ICT, cyber security, cloud computing. What people who are pushing this government agenda are doing is find ways how to get it done."