Security in the cloud

by Mark Swanson

According to many experts, including those from the Technology Marketing Forum, Gartner Group and Information Week, the No. 1 issue holding back the adoption of cloud technologies in the enterprise is the perception of a lack of security. As with many issues, the truth is probably somewhere in between. The old paradigm was creating a secure perimeter — a border, so to speak — to protect your corporate information assets. The new paradigm is what Cisco has labeled ‘borderless networks’ — networks where most, if not all, of your corporate resources must be exposed to the outside world. The old security model is dependent on ‘border patrol’ via firewalls, intrusion detection and prevention systems, demilitarized zones (DMZs), and other perimeter protection methods.

In the new, borderless network, the focus shifts to protection of the data itself. Technical capabilities have basically outpaced the old perimeter model as online collaboration with partners, customers, mobile workers and others outside the physical network becomes more and more important to doing business. The workforce is demanding that they be connected to data resources wherever they are (private or public cloud), using an ever-widening variety of devices: smartphones, notebook computers, tablets and so on. This is great in terms of access to resources, but not so great in terms of security.

The proliferation of applications available as a service has created a demand to access them. The challenge for IT departments is: How do you protect those resources? I believe the only way is to embrace this paradigm and leverage vendor capability. There are five major areas where I see cloud vendors doing a better job at protecting a company’s resources:

■ Platform strength: To be competitive, cloud computing vendors must have platforms that are more uniform than those of most corporate computing centers. Also, cloud providers usually meet standards for operational compliance and certification, in areas like health care (e.g., HIPAA) or finance (e.g., PCI DSS).

■ Data is stored in a single location

■ Better staff knowledge: Because they focus on only one thing, cloud providers train their staffs to specialize in security, privacy and other areas of high interest and concern to an organization.

■ Government-mandated security requirements: Cloud service providers are under considerable oversight and regulation by the government and other security authorities to ensure data privacy and security. Telovations, for example, must comply with annual government audits to ensure we have the proper procedures in place to protect sensitive information.

■ Better backup and recovery processes

In summary, when you add up the advantages, one could argue that security in the cloud is better than on the premises.