Oracle’s cloud computing offer needs security strategy

However, David Hobson, GSS’ managing director, advises caution: “Oracle’s decision to license its 11g database, its middleware and management tools, starting with the Amazon’s Elastic Compute Cloud [EC2], is an indicator of how quickly corporate IT is changing. “Our customers are starting to ask how their corporate data can be cloud-enabled and, of course, whilst the process seems simple enough, there are a significant number of security and IT considerations to plan ahead for.” Hobson warns that porting a company database or other critical information to a service such as Amazon’s EC2 needs to be carefully planned at all levels, not least because of the security considerations. Cloud computing, he says, raises a number of security issues: “For example, where is data being held? The Data Protection Act is pretty clear that you cannot just export data without appropriate controls… In the FSA’s opinion, data security is now the biggest financial crime risk. They estimate the cost to UK business to have been around the £1.7 billion mark last year,” he warns. “You can’t simply sign the company up to a cloud computing environment and not consider all these points. Policy decisions and security issues need to be carefully considered – even down to discussing the move to cloud computing with your professional indemnity insurer. Unless you can prove you have taken the required planning and security steps, your business insurance policy may be invalid if a data breach occurs,” he adds.