Security still top concern with cloud, despite Amazon outage

For most companies, data security worries will continue to be biggest inhibitor to cloud adoption, analysts say

Despite the heightened focus on cloud availability and uptime caused by Amazon's prolonged service outage last week, security will likely remain the bigger long-term concern for enterprises, analysts say.

Amazon last week blamed undisclosed server problems for a partial service outage that either crippled or knocked offline, hundreds of sites, including several major ones. The problems began last Thursday and dragged on for more than two days, causing considerable frustration for some customers of Amazon's cloud services.

Though the company appears to have fixed most problems, it was still working on addressing a few unresolved ones as of Monday morning.

The incident has focused considerable attention on cloud availability issues with some predicting that companies that were hesitant about moving to the cloud in the first place, will become even more reluctant to make the jump now.

"Obviously these issues are very heightened right now, and will continue to be so for quite a while in light of the outage," said Kyle Hilgendorf, a cloud computing analyst with Gartner.

"Amazon portrays an aura of invincibility, whether intentional or not, and this outage is going to remind enterprise customers that nobody is perfect and increased due diligence is required," he said.

Enterprises should be concerned about performance in the cloud, but not any more so than they should be concerned about reliability and performance in other data center or traditional hosting environments, he said.

Security is really the more pressing concern, he added. "I still consider it to be the bigger, long-term concern," Hilgendorf said. "Enterprises I speak to are more concerned about security than they are about availability, reliability, or performance."

In most cases, cloud security concerns are related to issues such as the accidental release of protected data, user authentication and access control, and the level of access that that a cloud provider might have to an enterprise's systems and data.

Such issues have consistently ranked as the top concerns for companies looking to move to hosted cloud environments.

Don't expect that to change any time soon, said Jonathan Penn, an analyst with Forrester Research. Last week's Amazon outage is sure to stoke enterprise anxiety about cloud performance and uptime, security is still going to be the bigger worry for most enterprises, he said.

Companies that are looking to move applications to a hosted cloud environment are going to want even more availability assurances from their vendor now, he said.

Ultimately though, enterprises need to realize that there can never be 100 per cent uptime in a cloud environment, just as there can never been continuous availability within an enterprise data center, he said.

Failures of the sort that happened last week will happen again, and it's up to enterprises to ensure that they have measures in place to mitigate any resulting service disruptions, he said.

Over the longer term the thornier issue for most companies will continue to be data security, he said. Forrester's clients have consistently rated security as their top concern with cloud computing, ahead of other issues such as performance and availability, he said.

That is unlikely to change, for sometime, he said. It is still a bigger "inhibitor of adoption" compared to any other factors, he said.

"I do think this outage may result in more organizations realizing that the cloud isn't perfectly reliable," said Rich Mogull, an analyst with Securosis.

"I've always advised clients that you can't count on the cloud just because it's the cloud," he said. "Any service is prone to outage, and you need to determine your reliability requirements and plan to meet them."

However, it would be a mistake to treat reliability and security as two separate issues, he said. "They are two equally important questions and whichever is more important will depend on the organization," he said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is

Read more about cloud computing in Computerworld's Cloud Computing Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags Configuration / maintenanceGartnerdata securitysecurityhardware systemsData Centercloud computinginternetdata protection

More about Amazon Web ServicesForrester ResearchGartnerGoogleTopic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts