More than 90% of UK organisations will be using cloud services by the end of the year, with 60% using two or more services that are identified as business critical, according to the Cloud Industry Forum (CIF).
Based upon the current rate of adoption these predictions may well be accurate. However, despite the well-publicised IT infrastructure benefits of flexibility and reduced costs, one serious breach of an organisation’s data held in the cloud could quickly dampen enthusiasm.
The concept of giving access to central computing power through a global network emerged in the 1960s. It has ground through various iterations, from computer time-sharing in the days when few businesses had access to a mainframe, to grid and utility computing, application service provision (ASP) and software-as-a-service (SaaS).
Having invested heavily in their own network infrastructures that meet availability and security requirements, IT departments have been cautious about moving operations to a third party. IT management has recognised that you can outsource operations but you can never outsource responsibility for service, quality and security.
To ensure success, IT is now focusing on developing engagement contracts that clearly define items such as pricing, service levels, service provisioning/de-provisioning, tenant isolation, data processing and movement, security and privacy protection. But the shift is happening and IT is now helping to drive it.
A recent study by Gigaom, compiling responses from 500 IT decision-makers, recorded that security remains a barrier to adoption that must be overcome, but nevertheless 71% of strategic buyers reported they were using SaaS or cloud solutions because these products are more economical and agile than in-house alternatives.
We have reached a point in cloud adoption where the benefits of how and where we work today have become important enough that companies are demanding that cloud providers effectively address trust and security concerns.
As a result, vendors of cloud environments and applications have an opportunity, because of their sheer scale and focus, to get security right. This may especially be the case where many businesses are still struggling to develop the programs and recruit the talent to protect themselves against the growing threat – despite the amounts of money invested to date.
Organisations have spent over three decades building up best-practice models for in-house data security and governance. As a result, they have the foundation and knowledge for what is needed for cloud infrastructures. They know the solutions they need to protect their data and their employees’ and customers’ privacy. And by setting strict vendor requirements, it will allow companies to benefit from access to the cloud. In addition to designing better cloud contracts, companies must also develop and implement processes and techniques to continuously monitor and audit cloud vendor compliance.
But what about the positives of using the cloud? Information security professionals want to be business enablers – so what could the cloud enable for them?
A shift in business computing to the cloud could have security advantages in terms of the ability of the cloud vendor to recruit talent, implement and maintain security tools and technologies, and for them to provide faster visibility about threats, incidents and intelligence.
If cloud providers really did lead the way by using their scale, knowledge and skill to improve threat monitoring and security operations at a time of skills shortage, business could benefit from the move to the cloud. Cloud providers could also use their position to foster innovation – investing in the development and deployment of innovative tools between their infrastructure and those of their customers.
Let’s say, for example, the latest technologies were deployed by cloud providers to ensure files moving in and out of the cloud, which were considered unstructured or unknown, were always clean according to the manufacturers’ standards. This move alone would remove the 96% of malware attacks that currently use files within email attachments to breach an organisation’s defences.
If cloud vendors take on their security responsibilities in a proactive and innovative way, as well as the business benefits of reduced cost and increased agility, cloud adoption could potentially transform enterprise information security and risk models forever.
Sourced from Steve Katz, Glasswall Solutions