Cloud computing is one of the most significant technological trends we have witnessed and has the potential to change the very way we work. It is, however, important for CIOs to understand that we are currently in a pre-standard era of cloud computing and as such each organisation needs to be mindful of the myriad of security issues surrounding the cloud. Patrick Eijkenboom, principal consultant at NetIQ, suggests taking a measured approach and asking five security questions before jumping into the cloud.
The cloud is going to disrupt everything in every industry. Organisations are going to remake themselves along the lines of cloud computing. Governments and media across the globe are supporting initiatives where organisations are encouraged to look to the cloud first for any new IT environments or updates.
The adoption of cloud computing has created significant challenges due to the variable security standards and practices in place for different cloud vendors and the changing threat environment. While these challenges may not be new in terms of security, the cloud quite simply amplifies these issues.
The best advice for CIOs is not to get caught up in the hype and rush to put everything into the cloud. Not all applications are necessarily appropriate for moving to the cloud, especially when it comes to security. CIOs should carefully consider the following five security questions.
1. How big is your organisation? We don't need to be told that the size of an organisation has large implications for the relevant security issues. For smaller businesses, the cloud can often be a more secure way to operate by moving all systems into a common management framework. For medium to large enterprises, there has been a lean toward more private cloud adoptions, with public cloud adoptions covering not all key systems but a justifiable percentage of them.
2. What cloud environment are you looking to adopt? CIOs need to define the cloud environment, looking at the fundamental choices between public cloud, private cloud and hybrid cloud models, and taking into consideration that there is no 'one size fits all' approach. Private clouds often enable greater protection of an organisation's IP and allow SLAs to be protected and maintained, while public clouds allow for the utilisation of public cloud services. Most organisations are finding that a hybrid cloud model enables greater capabilities, but it is important to ensure security applies to both sides of the cloud.
3. What are the security regulations and requirements you must work within? And what are the gaps between those requirements and the available parameters on the cloud? Define the regulations your organisation needs to work within. Take note of the sensitivity of company data and customer data. Look at your regulatory environment closely and ensure that clouds can support those international regulatory and standards requirements. Ensure encryption requirements can be applied to all cloud environments and ensure you can manage access in the public cloud.