In a recent roundtable discussion on cloud security hosted by Internet security software developer Kaspersky Lab, it showed that this is largely because of the general lack of information about cloud computing as well as its security from digital thieves and hacking.

Simply put, cloud computing is using the shared resources of the Internet to run various computing tasks without having to rely on just one physical machine. The sizeable computing power pooled by interconnected computers into the Internet can be harnessed for individual IT uses, such as running web-based office applications; increasing bandwidth to speed up data transfer, providing real-time access to large databases, and even streaming multimedia services such as video and audio.

Cyber Services Group head of the Commission on Information and Communications Technology Monchito Ibrahim noted that one of the main concerns of Filipino companies regarding cloud computing is its different forms — software-as-a-service, platform-as-a-service, and infrastructure-as-a-service.

This confusion also stems from the fact that many IT infrastructures even in big companies are already outdated and also remain not fully utilized. Ibrahim pointed out that there should be more engagements to educate the local IT industry on cloud computing to let these confusions rest.

But aside from having to understand the different levels of cloud computing, Ibrahim also stressed on another question raised by many IT managers and that is security – a question brought about by incidences of hacking and other cybercrimes, many of which have gone unreported.

“I look forward to learning more about ways we can actually overcome some of the issues related to cloud computing specifically security issues. And some of these may be secure access to intrusion detection, data location. Because in cloud computing we actually don’t know where data is located. Physical security forensics, standards is a very important matter to actually look at. Regulatory compliance,  data ownership. Issues that are related to the multi-tenancy nature of cloud computing. And one of the most important issues is data privacy,” Ibrahim said.

Such concerns are not at all unfounded as there are still some inherent problems with cloud computing, according to Magnus Kalkuhl, a senior virus analyst for Kaspersky Lab’s Global Research and Analysis Team.

Kalkuhl noted that a malicious application called Ghostnet actually uses cloud computing measures to spy on concept. He also stressed that host servers of cloud computing applications can still be hacked. During the forum, Kaspersky’s virus analyst raised the simplest yet most profound issue: what if Internet access becomes slow or unreliable, what happens to applications running on cloud computing?

In a study by Canadian IT research company XMG Global, one of the main concerns of IT managers about cloud computing is security, followed only by lack of administrative support from the cloud computing providers.

XMG Global Associate Analyst Calen Legaspi said security issue is more prevalent at the side of the cloud computing service provider rather than from the end-user. Because of the nature of cloud computing, the service provider is tasked to manage the services and ensure that data from end-users are secured from data theft, hacking or corruption.

The Philippine National Police (PNP), one of the invited participants in the discussion, said it is doing data warehousing of their sensitive data, though they have been looking to implement cloud computing to speed up sharing of information among their various offices.

Police Inspector Berniel Gotoman from PNP’s Communication Electronics Service noted that the national police is apprehensive since they do not know the capabilities of securing data on a cloud computing environment. “Our concern here is if ever we will be going to cloud computing in the future, we want to assess our infrastructure if it is more secured to go on cloud computing. Because the data we are going to share with our offices are considered as delicate information,” he shared.

Amado Malacaman, vice president of the Information Systems Security Society of the Philippines (ISSSP) identified three areas of concern about implementing security of cloud computing. The first is the simple failure of the machine, which can prove problematic trying to deliver services to multiple clients over the Internet. The second is security from internal staff who may be intentionally or unwittingly giving away data from their IT infrastructure. The third is external of which hacking or data theft are included.

Nevertheless, Malacaman stressed that the main concern that must be addressed is lack of security standards from a security perspective. “This means you will have to go through training or re-training. There are also new business models to be implemented as the technology changes. Standards have to be in place to ensure proper implementation,” he said.

Kalkuhl noted that even if “the real productive cloud is still a few years ahead from now,” these should not deter Filipino companies from implementing cloud computing plans.

“Right now I would say it’s important for everyone to look at the cloud and to experiment with it, to play with it… There’s no need to hurry up,” he advised.

Kalkuhl said there are still viable measures that ensure the reliability of cloud computing, especially on security aspects. “At the end, all I can suggest is to check the benefit and the relationship of the benefit to the risks and costs. If it turns out that for certain applications the cloud is good for you, then use it. But don’t just use it for everything to be in the cloud.”