Addressing the biggest objection to cloud
Melissa Stevens 270005B76W MELISSAS@US.IBM.COM | | Tags:  security ibmsecurity cloud-security cloud
1 Comments | 6,042 Visits
This post is contributed by Darren Argyle, World Wide Security Solutions Market Leader.
After nearly falling asleep at the wheel of my car one evening and narrowly avoiding slamming into a wall, I was reminded of just how important having good brakes on my car is. When we consider safety on our cars, I think we can draw some comparisons to the safeguards we can apply to cloud computing; let me explain.
Security remains the biggest objection to cloud computing, and the number one inhibitor to broad scale adoption. IT leaders are expected to enable the business, innovate and do more for less; cloud computing presents this opportunity. However, IT departments are concerned with reduced visibility into cloud data centers, less control over security policies, new threats facing shared environments and the complexity of demonstrating compliance. These concerns are especially magnified in public-cloud environments in which there is no physical access to the cloud infrastructure. In the rush to build out new cloud computing capabilities by new entrants to the market, we’re seeing concerns being raised by those responsible for making the decisions on the purchase of cloud. As long as these perceptions persist in the minds of those leaders considering cloud, concerns about security and lack of trust will continue to hamper broad cloud adoption.
Changing perceptions about cloud security
So can these perceptions be changed? Back to the car; let us consider the safety that is built into our cars and how understating these principles helps us see security as an enabler for cloud. In your car, firmly pressing the accelerator pedal increases the speed, but without brakes on your car, you’re more likely to take things a little more steady, in fact you may even decide not to drive in that car at all. Having good brakes on a car gives you the confidence to accelerate faster and reach your destination safely. This same principle applies to the cloud, to take advantage of everything that cloud computing promises; scalability, flexibility and reduced costs, we need to ensure the security controls (brakes) are built in, are fit for purpose and regularly tested.
As more organizations consider embracing cloud, whether its designing a new cloud service, deploying data and workloads to the cloud, or consuming information from cloud-based services, a holistic view of security and a strong understanding of risks associated with each domain (people, data, applications, infrastructure) are necessary to keep up with constantly-changing cloud infrastructures. A responsive, integrated, end-to-end security framework is needed, centered around three distinct phases: design, deploy and consume. These phases are very similar to those of a traditional application development life cycle, security control points are included as part of a quality checkpoint, as we move through each phase. For building private/hybrid clouds in particular, it’s especially important that the security solution technologies are scalable, integrated and intelligent to protect against new threats, regain visibility and demonstrate compliance with activity monitoring and security intelligence.
Managing risks in a new environment
We should still apply existing good practice security standards and controls, but we need to recognize what’s different and where we need to pay special attention. Multi-tenancy is one such example; protecting against unauthorized access to system resources, business applications and data becomes even more of a priority, cloud introduces a new tier of privileged users: administrators and operating personnel working for the cloud provider. Handing some level of control of security to a third party in a multi-tenanted cloud infrastructure can be daunting, but with proper security agreements, process, technology and trained people to manage these environments, risks can be managed to a satisfactory level.
As cloud computing advances forward they’ll be a greater need to address security concerns collectively, rather than in industry silos. The cost of not working together will be a lack of trust and cloud computing could fall short of its promise. Cloud Standards Customer Council (CSCC) is dedicated to accelerating cloud's successful adoption, and drilling down into the standards, security and interoperability issues surrounding the transition to the cloud. IBM is founding member of CSCC and is working across industry, helping shape secure cloud computing for the future.
A “secure” cloud environment provides the opportunity for business to innovate with confidence, be more agile and be faster to market. Visit http://www.ibm.com/security/announce/ to learn more about the newest in cloud security offerings from IBM.