Going against the grain, latest news from cloud security experts suggest that the cloud may be more secure than we think. Experts participating in the SecureSydney conference in July 2011 said that cloud computing definitely has the potential to be more secure than traditional computing.
Security issues are one of the most significant deterrents to moving to the cloud for CIOs and other organizational decision-makers. According to Neil Readshaw, IBM’s cloud security lead architect, “Security is perceived as an inhibitor of Cloud but it can also be viewed as an enabler. You can find many studies that say security is the main inhibitor for Cloud in many ways… the point here is, it’s our responsibility to help Cloud become successful by making it secure.”
During the conference, there were a number of suggestions for increasing cloud security, including ensuring that vendors complied with Australian regulations. Experts also pointed out the need for strict guidelines to be established during a cloud negotiation process.
Cloud Security Improvements
According to security experts, a number of new security solutions are surfacing. Solutions are being developed that can verify cloud service providers’ claims that your data is safely lodged on its own server. Other solutions are designed to protect customers’ cloud-based data by using math functions to divide it into sixteen segments, any ten of which can be used to re-create the entire original set.
Service providers, including Amazon amongst many others, offer virtual private cloud services in which customers can have their own isolated servers. This allows them to monitor whether or not the CPU cache on their cloud servers are carrying out only what’s expected, nothing more.
These solutions have been developed to respond to recently identified threats that hacking within clouds (using one set of virtual machines to target another) is theoretically feasible.
The other side of the coin…
Of course, the SecureSydney conference also had security experts pointing out the many security disadvantages of moving to the cloud. Some experts also argued that if security isn’t a priority, then moving to the cloud could potentially be a detrimental move.
However, enterprises can safely migrate to the cloud, as long as they are aware of data protection practices. According to Ara Trembly, principle of the IT consultancy The Tech Consultant, “For some businesses, it will be inadvisable to use the cloud. A business that uses data as its lifeblood won’t want to put that data out there where it would be more vulnerable. Insurance companies are one of those businesses, as well as financial institutions, medical centers and doctor’s offices.”
Top Cloud Security Questions
Although the cloud offers organizations many great advantages, for instance convenience and cost savings, there is always a threat of data breaches, which can incur financial costs as well as damaging a company’s reputation and brand. Experts recommend asking the following questions when considering the security of migration to the cloud:
- How valuable is your data? Consider the whole scenario of a data breach. What kind of impact would this have on the business? Is there a procedure in place to respond to and recover from the breach? How would the business’ public relations be affected?
- What are you willing to do to protect your corporate data? Appropriate protection of corporate data requires some kind of investment proportionate to its level of sensitivity and importance to the business. What kind of intrusion protection system is required? How will this be implemented and maintained?
- What changes are you willing to make within your infrastructure and your policies to ensure that data is being protected? Most organizations are concerned about setting employee policies, for instance, allowing employees to use personal devices for work purposes, while ensuring locked-down data protection.
Recently, security experts have suggested that the cloud could eventually offer more security than conventional IT systems, as long as all users comply with regulations. This is in contrast to the belief that security in the cloud is sorely lacking. At the SecureSydney conference held in July 2011, experts argued that security concerns should not be seen as an obstacle to organizations looking to migrate to the cloud.
CCSK Exam Preparation
In preparation for the Certificate of Cloud Security Knowledge (CCSK), a security professional should be comfortable with topics related to this post, including:
- Enterprise and Information Risk Management (Domain 2)
- Compliance Impact on Cloud Contracts (domain 4)
- Provider Selection (Domain 8)
- Recommended Provider Tools and Capabilities (Domain 9)
- Key Management Best Practices and Standards (Domain 11)