How Secure Is Your Cloud?

Cloud-Computing

Despite security concerns, cloud adoption is on the rise. Cloud has been a buzzword for some time now, with varying definitions, so it is no wonder there is still a large amount of confusion about what it is and how it can help businesses evolve.

The confusion is increased by the development of different types of cloud:

  • Private cloud is typically internally managed or outsourced to a single vendor, but is effectively controlled by the user and the vendor
  • Public cloud is effectively owned by the vendor and accessed by a multitude of users
  • Hybrid clouds are a combination of Private and Public cloud and are being created more frequently as users keep pace with technology and innovation
  • Virtual Private cloud is a private cloud that exists within a shared or public cloud (i.e. the Intercloud)

In simple terms, cloud is the delivery of computing as a service rather than a product, where resources including software and storage services are shared with computers and other devices (smart phone, tablets, netbooks etc.) over a network, typically the Internet.

What makes cloud exciting is the prospect of the user not requiring extensive knowledge of the physical location or configuration of the system that delivers the service. This can help companies to reduce capital costs, for example, by not having to invest in hardware, software or development to build the right infrastructure, as the expense and management overheads can be transferred to a cloud computing provider. This enables the customer to focus on other areas of the business such as resources and innovation.

One of the main benefits of cloud for customers is the ability to provide on-demand computing, which enables them to rapidly align information technology with business strategies. However, customers are concerned about the loss of direct control over systems they are responsible for and importantly, the risk of cloud insecurity.

It is therefore imperative that the solution provider works closely with the customer to implement the right infrastructure and solution that includes security elements to alleviate concerns.

Customers looking for a cloud service provider should select an organisation with experience and expertise in providing information infrastructure solutions as well as the necessary security protocols as part of the installation to ensure a protected and secure cloud environment.

The cloud service must look to enhance the customer experience by providing additional services such as network analysis, virtualisation, backup, servers and storage – essentially a fully optimised dynamic virtual environment. With the right care and support, customers will reap the benefits.

For example, complete visibility of their network means customers will be able to predict and prevent issues occurring within the infrastructure before they happen, which can have an enormous impact on the profitability and efficiency of any business.

Cloud security refers to the computer, network and information security of cloud computing providers and users, encompassing technologies like data protection, infrastructure and governance issues. Security concerns surrounding cloud computing are generally derived from need for privacy regarding the information stored, compliance with legislation, user company policy and legal or contractual issues. In particular, concerns have been raised about security provision within multi-tenanted public cloud offerings.

Today, businesses and IT leaders are pushing forward with the use of cloud services and the issue of security is rapidly moving to the top of the agenda. Many companies developing and offering cloud computing products and services have not fully considered the implications of processing, storing and accessing data in a shared and virtualised environment.

In fact, many developers of cloud-based applications struggle to include security. In other cases, developers simply cannot provide real security with currently affordable technological capabilities. In addition, many solution providers helping a customer migrate to the cloud fail to spend enough time and effort verifying the cloud offering’s security.

This may be due to the customer’s main reason of moving to the cloud, which is for example, to reduce costs. Solution providers who adopt this approach will see little profit in the cloud relationship and in an event of a security breach, will leave users exposed!

Currently many of the features that make cloud computing attractive can also be at odds with traditional security models and controls. There are considerable obstacles to securing data accommodated and controlled by a company other than its owner. This is often amplified with regard to public cloud, where communications, computing and storage resources are shared and data is often mixed.

Whilst there is no such thing as faultless security in a cloud environment, solution providers should strive to achieve the highest level of security, which will not only provide strong, trusting relationships with customers, but will also adhere to the many regulation standards that exist- especially as cloud evolves and regulation and compliance become intrinsic.

For those already in the cloud or planning to move their infrastructure to a cloud model be it private, public or hybrid, they should consult with their solution provider to ensure that security has been considered and included from the outset.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Richard Flanders is Marketing Director at MTI Technology. He is responsible for all marketing and product marketing programmes within the company. Respected and well-known as a thought-leader within the virtualisation sector, Flanders’ expertise lies in marketing and portfolio development around virtualisation, data centre consolidation and cloud infrastructure for public and private cloud solutions. Flanders has over 20 years’ experience in the IT industry and prior to MTI, he held product marketing and business development responsibilities at Emerald Systems, Computacenter, Morse, Fujitsu Siemens Computers and VMware.