0845 371 0339
Security in the Cloud
2010-12-21 05:04:42
As we near the end of 2010, a year which has seen the uptake of Cloud services grow massively (Gartner estimate that Public Cloud spend now makes up 10% of all external IT spend), we still hear about the supposed lack of security in the Cloud. In this blog, we will explore the reality of the security situation in the Cloud.
Firstly, it is useful to identify who exactly has these security concerns. It is tempting (and sometimes correct) to blame these concerns on traditional hardware vendors, who undoubtedly muddy the waters regarding Cloud Security. The reasons for this are obvious; to protect their core business of selling hardware to enterprises. However, as Tier 1 vendors like HP and Dell increasingly embrace the Cloud (sometimes with a pretty tenuous definition of 'Cloud'), it is no longer in their interest to shed 'Fear, Uncertainty and Doubt' on the Cloud. So is it end users themselves who have the concerns? Yes, according to the data. Take the recent survey of CIO's conducted by Cloud Consultancy Savvis, which indicated that only 21% felt that Cloud Computing met their security requirements. Pretty damning statistic, but how does this stack up against Gartner's recent claim that 'Cloud Security is Better than What You Have Today'?
Take a typical 'Cloud Provider'; they have dedicated technical security staff, who spend 100% of their time working on keeping the cloud secure. Could a typical enterprise say the same? Outside of large enterprises - probably not. Security is often part of the remit of a Network/Systems Engineer. Undoubtedly, these people do a good job in most cases, but it would be virtually impossible for their security knowledge to be at the same level as a dedicated security professional.
Moving onto physical security at the datacentre level - any reputable Cloud provider will be located in a Tier 3+ datacentre, which will have all of the relevant accreditations and physical security measures. Additionally, some Cloud providers, such as SymetriQ have even more rigorous measures in place at the datacentre level: All staff in the SymetriQ datacentre have government level Security Clearance, enabling us to work with Government agencies. Compare and contrast to the security measure employed in server rooms in the SMB sector. Again, while there will no doubt be many examples of excellent security in server rooms/datacentre in mid-tier enterprises, we have all seen situations where physical security is virtually non-existent.
From a purely commercial point of view, the incentives for a Cloud provider to ensure the highest levels of security are obvious. Any breach of security at a Cloud provider would (quite rightly) be highlighted by the media, potentially causing real damage to business. Whilst a security breach at an enterprise is more likely to escape such criticism (apart from some high profile sectors). This contrast is not lost on Cloud providers, hence the reason for the additional levels of security outlined above.
The reality of many 'cloud security breaches' is simply that they are no different from security breaches in traditional environments, with malicious behaviour (either internal or external) at the root of them. The risk of these breaches can be reduced by having the correct measures in place in terms of personnel screening internally and robust security policies in the IT environment. Who is more likely to have this in place? A reputable Cloud computing provider or a small to medium business? I think we know the answer to this one.
In summary: Are fears over security in the 'Cloud' unfounded? No, they are not. Are they overblown? Probably, yes. Are these fears going to go away? The answer is no - but this is not necessarily a bad thing, as it ensures that Cloud providers are continually striving to increase the levels of security in the Cloud.
If you have any real concerns over putting your data into the Cloud, speak to some Cloud providers and see how their security policies measure up against your own. You may be surprised.....
Johnny Paterson
Share and Enjoy:
