Asia's Source for Enterprise Network Knowledge

Friday, April 18th, 2014

Information security management

Cloud growth prompts shift in enterprise security strategies

What a different global economy this would be if it were only a little bit more like the cloud. As the financial markets go through their bipolar mood swings with every wrenching headline, the market for cloud services has marched steadily upward and onward, seemingly unfazed by the concerns of the non-virtual world.


 
According to the research firm Global Industry Analysts, worldwide demand for cloud computing services will reach $222.5 billion by the year 2015. Indeed, the very perils of the current economic climate seem to propel cloud prospects forward.


 
"The bad economy is feeding [demand], as cash- and revenue-starved companies prowl for IT solutions that are cost-effective, require minimum to zero investments, and low management of computing resources," note the analysts in a statement.


 
IDC predicts public cloud computing services alone will grow to $72.9 billion in 2015, up from $21.5 billion in 2010. Indeed, in 2015, public cloud services will account for 46 percent of net new growth in overall IT spending in five key product categories --applications, application development and deployment, systems infrastructure software, basic storage and servers.


 
With numbers like this, what could possibly go wrong?


 
In fact, there is significant trepidation over security, governance and risk management issues associated with every flavor of the cloud--public, private and hybrid. "Security and other risk concerns are the largest inhibitor of cloud computing," says Gartner Vice President Jay Heiser.


 
Trend Micro found that 43 percent of the 1,200 worldwide respondents to a survey it conducted have had security issues with their cloud providers. The report showed that even though more enterprises were moving to the cloud, 50 percent were concerned over the security of their data as well as the cloud infrastructure itself. About 48 percent were concerned about performance and availability of cloud service.


 
The finding is supported by analysts from the Burton Group (which is now owned by Gartner), in a report from July 2009, titled Cloud Computing Security in the Enterprise.


 
"Cloud computing," note the Burton Group researchers, "creates significant risks and requires a rethink--but not a reinvention--of security programs and architectures. To the extent that they leverage public or private (community) clouds, organizations must accommodate themselves to security postures emphasizing risk transfer, deterrence, monitoring, feedback, and audit more than preventive control."

 
Moving Away From the Center
 
Traditional approaches to security, in short, are not going to port easily to the cloud environment.


 
The central reason revolves around the lack of a center. Not long ago, security doctrine revolved around putting sensitive information inside a secure firewalled environment, and then hardening the perimeter. Anything inside the firewall was good. Anything outside, not so much.


 
Over the years, the proliferation of mobile devices, remote access and inter-organizational collaboration has punched a growing number of holes in this philosophy of secure computing. Moreover, we are now coming to understand that the "cloud" is less a place "out there" than it is a style of managing computing and communications resources.