Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

A clearer view of cloud computing security now that the haze is gone

Scott Cain, chief architect, Customer Innovation and Portfolio, BT Global Services | July 25, 2012
The cloud is here to stay because most organizations are looking to the cloud for "extension" -- the capability to take their business in new directions faster, rather than simply as a method of cost management. And now that the hype haze has disappeared, we have a much clearer picture of how to get the best from the cloud.

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

The cloud is here to stay because most organizations are looking to the cloud for "extension" -- the capability to take their business in new directions faster, rather than simply as a method of cost management. And now that the hype haze has disappeared, we have a much clearer picture of how to get the best from the cloud.

This is a crucial time for IT managers. The cloud computing and consumerization (BYOD) technology waves are changing the distribution of IT control: Users are taking more control of the devices they use; business managers are taking more control of the budgets; and service suppliers are taking more control of the data they handle. CIOs and IT managers who want to contribute to their organization's acceleration in 2012 need to be able to coordinate these different elements in a much wider scope than ever before to retain control. It's time to adapt or be swept aside.

IN THE NEWS: Amazon opens up about its cloud security practices, joins CSA registry

MORE: Experts explain greatest threats to cloud security

While traditional information and communications technology approaches focus on owning and controlling resources, assets and contracts, a practical and balanced benefit-risk cloud assessment involves new ways of thinking and a shift of focus on accessing evolving services.

Part of the pragmatic trade-off is identifying and tackling the biggest security concerns associated with the cloud: corporate data confidentiality, privacy, compliance, and the integrity of services and/or data. Some enterprises try to protect everything against every imaginable threat; others spread whatever they can afford evenly, hoping this will keep attackers at bay.

Instead, finding the right trade-off for your organization involves determining your organization's appetite for risk -- i.e., the amount of risk you're prepared to take in each area of your operations. Then you can start to think about not just the defenses you need to put in place but the processes you need to enforce your security policies. And then you can initiate the cultural move from a zero-risk/zero-breach mentality to a predict-and-prevent/risk-resilient mentality.

Here are eight essentials to keep your data secure in the cloud:

1. Plan and research. Understand exactly what you want to achieve and what type of data you want to move to the cloud. Research the market and the different services, service level agreements and security features available. Investigate hosting and find out the regulatory implications of data being stored in different countries.

2. Look for a supplier you can trust. You need a relationship grounded in a shared understanding of accountabilities and expectations.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.