The emergence of a new SQL injection attack has done nothing to dampen the enthusiasm of industry analysts, who remain confident that enterprise data will be pushed into cloud-hosted databases on an ever-increasing basis.
Noting many companies' "strong focus" on consolidating existing databases and plans to virtualise them using database-as-a-service (DaaS) techniques, IDC software analyst Vanessa Thompson says the ball towards data processing in the cloud is already rolling: the IDC Asia Pacific Software Survey 2011, released today, predicted revenues from the model would grow at 11 per cent annually through 2015.
DaaS involves the hosting of key enterprise data sets in cloud-hosted database environments, where they can be more easily backed up and managed by utilising the data centre infrastructure of the hosting provider or cloud operator. It's a fast-growing model that's proving particularly attractive to enterprises with massive data sets they don't want to manage alone – but Thompson says the model is no silver bullet when it comes to security problems.
"This move is really dependent on the risk appetite of the organisation," she told CSO Australia.
"If you are going to process data using SQL Server, for example, it's important to be aware of the vulnerabilities of that platform; transitioning your service to a different delivery model doesn't necessarily mean you're not at risk."
That's cold comfort for potential DaaS adopters, who may warm to the benefits of the cloud-delivered database model but be put off by the need to manage exposure to tenacious exploits that refuse to die.
Several days ago, for example, SANS security researcher Mark Hofman noted the emergence of a new SQL injection attack that was targeting Microsoft SQL Server deployments and spreading rapidly via the infected lilupophilupop.com site.
With fresh exploits emerging on a continuous basis, new delivery models are giving many would-be adopters pause for thought. Indeed, a new Australian Computer Society (ACS) Victorian member survey found that 54 per cent named ICT security concerns as the most significant forces driving change in the Australian ICT industry over the next 10 to 20 years. The increased volume of consumer-related data was another, named as a key issue by 24 per cent.
Security and offshoring were of equal concern to respondents, named by 43 per cent each, while cloud computing was pegged as a critical uncertainty by 34 per cent. In a separate question, respondents were asked what they would say if they could go back in time to 1990 and warn ICT industry figures to prepare for coming trends; encouraging the preparation of "flexible corporate approaches" to cater for new technologies was most popular, named by over 21 per cent. And over 35 per cent said they would be best prepared for the new paradigm with scenarios for the likely impact and available options.
As with any technology, many businesses making the jump to DaaS models will start with discrete new projects in which they can shift data into a cloud-hosted model – then work their way up to migrating extant data to the cloud as their security policies and risk assessments allow, and master data management (MDM) initiatives are expanded to account for the new location of corporate data.
"Ultimately, there's the same level of risk [with DaaS]," says Thompson.
"Those that are doing it now are either already comfortable with the model, or willing to move [non-core] workloads such as for rendering large amounts of graphic information, or processing large amounts of open market data. I don't really see security as an inhibitor, but the same rules do still apply."