At Pathwork, Popovic encrypts data to and from Amazon.com using the SSL protocol, decrypting it for analysis while in the EC2 cloud. "There is always a risk when you release your data out of your private network," he says, "but we think the risk is manageable."
Enforcing proper access control to applications and services is just as critical for apps in the cloud as in-house and should be part of any customer's security policies regardless of where they host their IT infrastructure.
Amazon.com uses firewalls to ensure "everybody's computing instances are completely walled off from everybody else's information," says Adam Selipsky, vice president of product management and developer relations for Amazon Web Services. Each instance is preconfigured for maximum security with all unnecessary ports turned off, he says.
Rather than dissect Salesforce.com's security policies, Dreambuilder CTO Jonathan Snyder trusts that "the many very large customers who rely on Salesforce the same way I do" keep the pressure on Salesforce.com to protect their data -- and, by extension, his data. "I'm going along for the ride," he jokes.
The risk ratio may work in your favor
Of course, moving to the cloud is not a panacea. IT and business managers first need to do the hard work of thinking through what applications or services make sense to move to the cloud, rather than just follow the siren song of low price. Then they need to evaluate what levels of monitoring and management make sense for their skill set, the criticality of the application, and most of all, their business needs.
But for the right applications under the right business conditions, managing and monitoring IT in the cloud is not only doable but easier than in a brick-and-mortar, in-house datacenter.
Read more about cloud computing in InfoWorld's Cloud Computing Channel.