Cloud computing gets immense attention these days as a profound agent of change affecting how IT serves the business. In particular, Cloud computing has begun the untethering of employees from their desks and their offices. Because the mobility of today’s, and tomorrow’s workforce cannot happen without the Cloud.
Yet worries about Cloud security abound, and for good reason: Cloud computing that involves processing sensitive or regulated data in shared environments needs extra scrutiny in terms of security (as well as codifying requirements, defining a cloud services contract, managing the transition from in-house to cloud, and overseeing the resulting mixed IT environment).
Cloud security is at risk when…
- You don’t have an adequate Cloud-oriented governance/risk/compliance framework,
- The hypervisors in your virtualized infrastructure harbor vulnerabilities that can be exploited,
- It’s possible to infer information about one virtual machine by observing the state of the shared system from another aspect of the underlying system — which might enable malicious code execution, or
- When vulnerabilities are introduced by incorrect configuration of a hypervisor and/or its related tools.
The Frost & Sullivan study from which the above figures come shows a widespread belief that new skills are required for secure Cloud computing, including a detailed understanding of Cloud computing, enhanced technical knowledge, and contract negotiation skills.
Yet for all the fear about lack of Cloud security, the truth is that classic siloed IT environments are so complex, cumbersome, and riddled with years of undocumented changes that visibility is a real, serious issue.
By contrast, Cloud infrastructures built with virtualization technologies — and just about all Clouds are built on virtualization — provide greater visibility than legacy IT environments. Well-constructed and well-managed Cloud environments function as centralized, 24/7 application and data repositories, so enforcing compliance policy and retrieving compliance-related data is straightforward, making compliance stronger and auditing easier and more efficient. And Cloud security policy is easier to enforce, making threats to apps and data easier to detect and address.
Finally, the right host Cloud services providers invest in and maintain leading-edge security technologies and capabilities, and employ experienced security experts who spend all their time keeping the Cloud infrastructure protected — unlike many in-house IT infrastructures, where security is often more haphazard.
Which means, ultimately, that it’s actually easier and more cost-effective to secure Cloud environments than legacy IT environments.
Related Cloud Solution Posts:
Cloud Computing Solutions
Cloud Feasibility Assessment