The concerns of CIOs around cloud computing are very clear. “The cost and flexibility of cloud computing is very appealing but I simply have no idea what is happening to my data, where did it go, who accessed it and how can I be sure the data has not been manipulated?” The cloud service providers do not yet have an acceptable answer to these questions. When asked, typical responses from cloud service providers include “Trust us, we are XXX certified”, “Here is our SLA, if we ”, and if you are lucky “come in and audit our data centers”.

Unfortunately for a CIO considering moving their mission critical systems to the public cloud, these answers don’t cut the mustard. In the current model, moving enterprise systems to the public cloud would be career suicide – when things go wrong, as they inevitably will, it's the CIO who will be fired – it was their decision and no one else can take the blame.

Ultimately it is about human relations, being in control and being able to hold people responsible. Internally all employees are vetted, their activities can be monitored and most importantly they can be held responsible when things go wrong. With the public cloud the only recourse is what is written in an SLA, and money-back guarantees are very far away from the level of assurance that an enterprise CIO needs. There is a huge difference between picking up a phone and yelling at someone you’ve worked with for 10 years versus dialing a 24x7 hotline or staring at a website with a “sit tight, we’ll be back soon” message. Cyber-insurance won’t help much here either – any payout from the claim would ultimately be collected by the CIO’s replacement.

The solution is not, as some in the security profession would tell you, better certification of cloud providers and external vetting of their human operators. Certification has a role to play, but the ultimate answer will be technologies that limit or, better, eliminate the need to trust the outsourced administrators.

Let’s look at the three tenets of security to see how this can be done.




Availability is the easiest to understand: how a public cloud model can deliver as reliable a performance as enterprises owning their own data centers. Consider how the earthquake and subsequent tsunami in Japan made the banking community realize that having a main data center in Tokyo with a backup in Yokohama, just 50km away, wasn't such a smart idea. 

Contrast that with the latest object-store solutions that provide multi-continent, multi data-center storage redundancy and availability. It is here that certification can play a key role as it is possible to analyze and correlate the risks.

Integrity is possibly the least understood of the security triad and can be addressed with Keyless Signature Infrastructure (KSI), which provides a mechanism for CIOs to dynamically attest that their systems and data are in a clean, unmodified state in real time and to act when an unauthorized modification is detected.

It also keeps the public cloud administrators honest – everything that happens in the cloud environment can be verified independently. When something goes wrong there will be forensically auditable evidence to prove what happened.
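An added illustration, not part of the original article and not Guardtime's KSI code or API: KSI is built on hash trees, and the simplified sketch below shows the underlying idea of verifying a record returned by a cloud provider against a single root hash held outside the provider's control. The record contents and all function names are constructed for this example.

```python
import hashlib
import hmac

def leaf_hash(record: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + record).digest()  # domain-separate leaves

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(records):
    """Hash tree as a list of levels: levels[0] = leaves, levels[-1] = [root]."""
    levels = [[leaf_hash(r) for r in records]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(cur[-1])  # pad an odd level by repeating its last hash
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def hash_chain(levels, index):
    """Sibling hashes from leaf `index` up to the root: the proof for one record."""
    chain = []
    for level in levels[:-1]:
        sibling = index ^ 1
        chain.append((level[sibling], sibling < index))  # (hash, sibling is on the left)
        index //= 2
    return chain

def verify(record: bytes, chain, trusted_root: bytes) -> bool:
    """Recompute the root from the returned record and its chain."""
    acc = leaf_hash(record)
    for sibling, sibling_is_left in chain:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return hmac.compare_digest(acc, trusted_root)

# Constructed sample data: five archived records handed to a cloud provider.
RECORDS = [b"2024-01-03 invoice 1001 total=250.00",
           b"2024-01-03 invoice 1002 total=99.50",
           b"2024-01-04 payroll batch 17",
           b"2024-01-05 audit log segment 42",
           b"2024-01-06 contract rev C"]

def demo():
    levels = build_levels(RECORDS)
    root = levels[-1][0]            # the only value the customer must keep locally
    chain = hash_chain(levels, 2)   # stored alongside record 2
    intact = verify(RECORDS[2], chain, root)
    tampered = verify(b"2024-01-04 payroll batch 18", chain, root)
    return intact, tampered

if __name__ == "__main__":
    print(demo())  # (True, False)
```

Verification needs no secret key and no cooperation from the provider's administrators: only the record, its hash chain, and the trusted root.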

Regulatory compliance requires enterprises to prove the integrity of their archived data, spending as much as $10,000 per TB for hardware-based solutions. Now this can be done in software in a public cloud at a small fraction of the price.

Confidentiality: Since IBM's Craig Gentry announced his fully homomorphic encryption (FHE) scheme, there has been intense research in the academic community to build something practical. FHE implies that you can store encrypted data in the cloud using encrypted applications and the data never needs to be decrypted, even in memory.

Indeed, the results only need to be decrypted locally when an authenticated end user needs to view them, thereby removing any possibility of the cloud operator or an outside attacker breaching the confidentiality of the data. Although a long way from being practical, the time will surely come.