Is Supply Chain Data safe in the Cloud? - Supply Chain Management Blog

At the Gartner Symposium last week, HP's CEO Mark Hurd was quoted on the lack of security in the Cloud. This is only one of the voices heard on cloud computing security. So, should we stop thinking about linking our partners in the cloud to gain visibility in our Supply Chain? Maybe, maybe not. What vulnerabilities are we talking about? In public clouds there are three major ones:

  • The transfer of information from your partner to the cloud. Here, standard SSL security (with 128-bit encryption) is used. This issue is not specific to the cloud; it applies equally to e-commerce and the like. Yes, there have been breaches at that level (nothing is fully secured), but we continue shopping, don't we? To address this, some cloud providers allow VPN connections, but often more in a "private cloud" type offering.
  • The hacking of the datacenter in which the data may be maintained. Here again, this has happened in multiple environments. Mark Hurd pointed out that HP gets 1000 attacks per day. Obviously, hosting applications and data in the cloud forces companies to trust the cloud providers, who, for very understandable reasons, typically do not highlight or explain all the security measures they take. So, this is a chicken-and-egg problem. Data centers have been hacked, but that is not stopping companies from storing credit card numbers etc. in internet-enabled datacenters.
  • The third vulnerability is the least known one. As the cloud implies running applications in shared environments, using virtual machines, there is a possibility for tech-savvy hackers to co-locate themselves with the application they want to hack and penetrate that VM container. This is obviously only applicable in public cloud environments. Security at the hypervisor level (the hypervisor being the software that allows multiple VMs to run on the same hardware) is the main question here. Unfortunately, there is not a huge amount of experience in this space yet, as it is a rather young area. HP Labs is currently working on the concept of secure cells to address this.

So, this being said, should we use cloud computing to share our ecosystem information? The fundamental question to ask ourselves is how private this information really is. Let me give an example. If you are a cosmetics company, you are probably not interested in putting perfume recipes in the cloud, as that is what makes you unique. So, even with a very small chance of the information becoming public, it does not make sense to take that risk. On the other hand, marketing material and prices/discounts are publicly available. Yes, competitors may have to search a little, but they can and will find the information if they so wish. Having that information in the cloud does not increase the risk drastically.

So, prior to using cloud services to collaborate in the Supply Chain, it is important to assess the confidential nature of that information, and whether this data can be obtained by other means. Objectively assessing the nature of the information is critical to establish whether putting the data in the cloud is or is not a real threat to the future of the enterprise and its ecosystem.

If no clear consensus can be obtained, you may want to look at intermediate solutions. For example, utility-based environments such as AIS (Adaptive Infrastructure Services) provide secure access to the environment (using VPN or leased lines). As these environments have more stringent security rules, they may appear to the community as less subject to hacking. Ultimately, the security debate is one about trust. The fundamental question is whether the supply chain community trusts the provider or not.

New security techniques will be developed in the future and will change the perception of companies. However, if companies want to start experimenting with the cloud today, they should start in non-critical areas.


Posted 10-26-2009 12:28 PM by christianverstraete

Comments

uberVU - social comments wrote Social comments and analytics for this post
on 10-26-2009 7:06 PM

This post was mentioned on Twitter by christianve: Looked at use of #cloudcomputing for #supplychain collaboration. Reviewed whether it is really safe? http://is.gd/4Cq8h #HP #HPCloud
