Running through the world like no obstacle, robust growth of cloud usage is perhaps faster than the old time fame of six-million dollar man. An estimation released by Forbes hinted at surge prediction from $62 billion (2015) to $162 billion (2020), which in calculation of Compound Annual Growth Rate (CAGR ) to occupy 19%. Claudius Lam – the Chairman of Cloud Security Alliance of Hong Kong & Macau Chapter (CSAHKM) – added that in market implementation, the number means a lot as notable increase of cloud users worldwide and it should have been higher. A huge market potential is what it`s all about, in further interpretation as promising business development. But is it always the case? How about the security to acknowledge by businesses?
Recognition to Cloud in Hong Kong & Macau
There was gradual stance of cloud movement within digital transformation strategy, but its prevalence has transformed as replacement of fundamental kind of infrastructure – whereby becomes mainstream usage of data storage and application. Today, cloud is no more strange alien to companies and individuals, creating supportive atmosphere where the trend rises with more chances to develop. Data are nowadays quite everywhere; kept on cloud effortlessly – with simple steps to obtain as of purchase and use it.
Simplicity that becomes strong preference reason, especially by acknowledging that computing investment is more efficient through cloud utilisation. In standard concept, data storage should come up with server or network; while Claudius made it clear that no funding allocated for such equipments by selecting cloud for our data. Cloud providers do have their own data center, in which users only purchase the service functioned – not the hardware. It`s actually a mainstream set to make procurement of computers and all related parts when a company is established – but whether they`re now fully capitalised, is a huge question. But Claudius would say that it`s catalysed as not 100% anymore; so by using cloud, thorough aim of capitalising could be said as today`s technological benefit. No more wasting the investment, even just a penny.
That`s why in Hong Kong and Macau, most of cloud users are Small Medium Enterprises (SMEs) and Start-Ups; because they aren`t in stage of yielding tremendous amount in investment budget, as well as their inability to employ human resources to manage kind of complicated IT system. Cloud is just perfect option on their hands at the moment, particularly because public cloud is now accessible with many functional services.
Vice versa, middle upper businesses hesitate to use public version of cloud and prefer to manage a private one as the governments regulate them. It`s rather strict in certain industry such as banking towards method of storing the data and pattern of the system operation. As public cloud is owned by provider entity; not only that the data is kept somewhere beyond a company`s control, but plausibility of having it automatically copied somewhere might be an unknown practice inside.
Hence, if big institution utilises public cloud, high risk of confidential data to leak is not impossible. If we talk about people in general who use the public one, logically, who wants to hack data owned by random individuals containing personal matters that don`t impact to any issues. As a contrast, data of notable organisation is crucially classified with certain implications and sensitivity to public or even important officials; which potentially leads to misuse if outsiders find the content out.
Hong Kong`s Cloud Market Distinction
In definite shape, Claudius analysed a potential of developing market with octopus scopes. As cloud users are envisioned to be more and more, providers are the ones to be ambitious towards infrastructure investment thus they can be bigger players. When they`re the considerable ones, they have more capacity to attract more customers, as well as provide more services.
However, worldwide-trend wise, such circumstance might only be what happens on first surface; capturing more users and providers try to catch on vast growth by building up bigger capacity. As a result, it`s been the supply to exist beyond the demand, leading to less customers filling in the more extensive portion.
Nonetheless, Hong Kong has different case, with cloud demands that outweigh availability, providers in the region are short of supply. While the global situation picturises providers elevating to grab customers, Hong Kong ones don`t need to win any hearts. But it`s not a thorough success story, to win over high demand in such tight area, small-player providers could be acquired by bigger ones. Abundant potentials wrapped in tight competition, still. First to concern, if cloud service aims for expansion, fixed infrastructures are needed namely data storage, capacity to run all applications, plus communication and network system – all pooled in a data centre.
What happens is that Hong Kong providers are trying to build even more data centres thus be able to catch up with customers` demands, but another problem is on land cost which is extremely expensive and rather full. Claudius thought that the government should get involve to establish clear policy of data center area provision, so it could help cloud providers to expand for the sake of Hong Kongers needs of cloud. If it`s not land to be the data centre, perhaps it`s needed to figure out somewhere-out-there zone to be a new base of cloud support infrastructure.
“Expectation is there to have equilibrium state between cloud`s supply and demand, thus a balanced stake would have its door open”
Cloud to Secure Business Continuation
Trend of increasing demand on cloud usage is actually laced with top concern over security issue. CSAHKM conducts annual survey to organisations and businesses in Hong Kong, showing that security has always been number one`s concern. Even at certain cases, they don`t matter the cost, but security hesitation might be a fundamental base of them not trusting cloud in full capacity. Once the security issue can be solved, the use of cloud would even be jumping.
Therefore, accentuated by Claudius that no matter how ups and downs occur in cloud usage, CSAHKM isn`t in charge to influence more utilisation of it. CSAHKM stands its mission to push cloud security, not cloud computing sales. If it`s about organisations and businesses, they`re indeed already familiar with the usage for operation; and CSAHKM touches more into security challenges faced, as well as to assure if it`s the best practice for them. So they would know what they need to undergo when they use cloud and how to establish protection. Here, Cloud Security Alliance (CSA) would be very functional on its role.
“CSA isn`t in the target to make everyone uses cloud, but to promote cloud security assurance”
In frame of big companies, they`re not advised to leave physical server entirely as they can`t let their data to go out freely. Ownership of their particular server or data centre is highly suggested; with additional action to have converted data to private cloud. Thus, in case of occurrence of ransomware attack, they don`t have to stop their operation for days.
Months ago, a travel agency in Hong Kong got ransomware attack, which caused the company`s server locked leading to the business to close down for around two days. If they had used cloud at that moment, they didn`t have to close office for days, because the operation could be continued. By using cloud, another copy always exists somewhere, as of mirroring process. And the service providers have many sets of system; so although the hardware fails, another system of the hardware can be reached. Thus, the operation won`t be affected, if the server is down then the operation won`t just halt.
The continuation of business is one of the beneficial keys of cloud computing, thus it`s a strong option to apply cloud on business operation. If such simple knowledge is spread even wider, businesses would realise that the problem could be overcome and benefit is for sure obtained in longer term. And organisations will have no more hesitation in using more capacity of cloud. Let`s say for telco companies, cloud usage definitely supports more business opportunities; and for outsourcing companies, as in the past they used system administration to work with their agencies, now they can outsource everything – as they can use cloud for the the management platform.
CSA`s Certification on Hand
Headquartered in the U.S, Cloud Security Alliance (CSA) applies the same standards of certification in different countries. Derivation of cloud security certificate is proper idea to cater users` preference in choosing the service provider. In Hong Kong where not many of them prevail, but one having official certification would stand with a plus point for the business. Let`s say if the providers mention that their security complies CSA`s STAR (security, trust and assurance registry), users won`t be wary of their security level quality. It could also be a soft promotional tool to improve the providers market expansion.
At most cases, providers won`t fail the certification process as long as they have persistent willingness in following and working the whole steps. First, self evaluation should be undergone by providers internally; afterwards, they need to engage full certification consultant to guide towards how the organisations could comply with the certification itself. The consultant sees thorough policy and would be very serious about running the whole process. Everything is standardised and documented, thus the organisations receive trustable recommendation from the consultant.
All changes that the organisations decided to make are well-documented process, which after all complied within terms of requirements; a firm stance when they`re ready to apply for the certification. At this particular timing, CSA will come and assess to the organisations to analyse their evidence and all crucial elements to observe. Finally, they could be granted an official certification. It indeed takes time, effort and money; but if the organisations are serious, they would normally not fail.
The whole certification journey could be between 12 to 18 months; rather long as no organisations would instantly be ready. They need to have fundamental switch to re-promote the whole organisations in order to meet the requirements. It`s a huge attempt, but the service that can be provided after the certification will even be more secured. It`s both beneficial for users and the organisations as of investment for business continuation in the future.
“Cloud security certification procedure is identical with ISO; commence with basic fundamental elements, start to reform parts in the organisations. When the consultants arrive they would look at different areas and suggest how the organisations are capable to alter or modify for improvement”.
A marketing and communication professional, Claudius Lam has been involved in information technology for more than 25 years. He is now the Marketing Manager for Trend Micro, responsible for addressing the security challenges of enterprises by connecting market problems with Trend Micro’s solution and service offerings.
Claudius assumed the role of Chairman at Cloud Security Alliance Hong Kong & Macau Chapter in 2015 and is dedicated to fulfil CSA’s mission of promoting the use of best practices for providing security assurance within cloud computing.
Claudius Lam | Chairman, Cloud Security Alliance Hong Kong & Macau Chapter | Hong Kong | firstname.lastname@example.org | csahkm.org
Anisa Kirana | Hong Kong | 2018