‘The cloud is safer than you think’

By Edwin Yapp October 11, 2013

Oil & gas service provider bets on the cloud; believes it’s safe when partnered with right vendor
Cloud security is not unique in itself and is an extension of an organisation’s security framework

WHILE cloud computing has been positioned as a new way of computing that can improve efficiencies and save costs for enterprises, security and privacy have always been cited as the major impediments holding back many companies from adoption.

But the notion that the cloud is not safe is incorrect and should not be used as an excuse for not adopting it as a technology that can potentially transform today’s businesses, according to oil and gas player Bumi Armada.

‘The cloud is safer than you think’ Speaking at the MSC Malaysia Cloud Computing Conference on Oct 9, Bumi Armada chief information officer Chakib Abi-Saab (pic) boldly declared that cloud computing is safer than what many think.

“A lot of people are hesitant in adopting cloud computing because of security reasons,” he said during his keynote address. “Let me make one point very clear: The idea that cloud computing is not safe is incorrect.”

Bumi Armada is a Kuala Lumpur-based offshore oilfield service provider. The MSC Malaysia Cloud Conference is an official satellite event of the 4th Global Entrepreneurship Summit being held from Oct 11-12 at the Kuala Lumpur Convention Centre.

Other satellite and partner events in conjunction with the summit include the Global Startup Youth or GSY initiative; the Ideas2Invest ‘hack-celerator’ organised by Cradle Fund Sdn Bhd and Angels Den Asia; and the CIO Leadership Summit organised by the National ICT Association or Pikom. More information can be found here.

Abi-Saab said that when he first arrived at the company about three years ago, he tried to convince the board of directors that cloud computing was the way of the future for the company, but he encountered resistance then.

Noting that the board had not yet seen the benefits of cloud computing expressed in business terms, Abi-Saab changed his approach by explaining to them how he was going to improve the availability of data, and create efficiencies by focusing on managing business activities rather than on how many servers the company had.

“I showed them that I wasn’t going to raise the cost although I did not sell the idea that the cloud can save money. I focused on the efficiencies that can be gained and the board then agreed -- but some [members of the board] still asked if it was safe to hand company data to an external cloud provider,” he said, adding that eventually Bumi Armada chose Google as its cloud provider.

“To this, I say: 'Can anyone tell me if our own data centre is safer than these reputable providers such as Google or Microsoft?' [Of course] there is no one technology that is 100% crash-proof; not today, perhaps never,” Abi-Saab elaborated during the Q&A session following his keynote address.

“This question to me has a very simple answer: These cloud providers do this for a living and the reality is I can’t compete with them in terms of cyber security because they are built with that purpose in mind. Cloud computing is safe if we decide to move our information to a company that is reputable and that will truly support you.”

Abi-Saab said since getting onto the cloud, Bumi Armada has been able to shift its focus away from operational and maintenance issues and move its people towards true business oriented tasks, thereby helping it gain a competitive advantage.

He also added that companies today must not be so afraid to adopt new technologies and be crippled by the perceived lack of security to the extent that they would not even consider new technologies like cloud computing.

“There has to be a balance between security and taking risks to adopt technologies that can help your companies.”

An extension of IT security

According to Chang Cheong Swee, director of strategic business and marketing at HeiTech Managed Services (HMS), cloud security is not something that is unique to an organisation’s security infrastructure and processes.

Speaking at the Q&A session following his keynote address, Chang said that it’s important to note that cloud security is merely an extension of the general security practices and processes within a company’s security framework.

“Any company should never lose focus of this as security is not just about technology but also about processes as well as user education – that part of security and policies have to remain,” he pointed out. “When you’re talking about a company moving to the cloud, these policy matters should be taken into account and extended to new technologies as well.”

Darryl Carlton of Gartner said security is not that much of a concern as trust is more important, although the latter is part of a security framework.

Also part of the panel, the research director at the analyst firm said trust is more of a cultural issue and that IT security just concerns itself with the technical aspects of security.

“When you speak of trust, you’re talking about asking companies to trust the cloud provider with more than just IT security but with their reputation, brand, products and services.

“Trust must be built both ways between cloud providers and companies. When this happens, cloud computing will flourish,” said Carlton.

Related Stories: