Question: What exactly are the top security issues that cloud vendors need to address?
Somehow I am getting a sense of déjà vu on cloud security. Don’t get me wrong folks, but the cow is already out of the barn. After all, more than 69% of all consumer Internet users have used at least one cloud service in the past year and that doesn’t include the nearly 100% of all consumers who are using web mail services such as Gmail, Yahoo and others of their ilk.
On the other hand, businesses and enterprises are not rushing to jump on the cloud computing bandwagon in the same kinds of numbers. So what is holding companies back from taking advantage of the very real benefits that cloud offers? We can argue that business requires a higher level of security and validation than the average consumer, but the simple answer is really a large dose of inertia, fear and doubt. That is, all the usual reasons that businesses use as excuses to wait for consumer products and services to prove their worth before committing precious corporate IT resources.
In a survey conducted by IDC in August 2008 and June 2009, concerns about security topped the list of challenges for 88.5% of the respondents, followed closely by performance (88.1%) and availability (84.8%). Clearly security is a major impediment to a cloud architecture implementation for many organizations. It will need to be properly addressed before cloud architectures will be fully embraced by the business community.
Cloud security issues can be divided into three major categories: business, regulatory and technical. Business issues generally can be quantified as risks to the business in whatever form. Major business concerns for the enterprise include:
- Legal issues related to the control and protection of intellectual property and sensitive business information
- The difficulty of establishing end-to-end business data validation
- Regulatory issues related to data ownership and proper handling procedures
- A perception of increased potential for data and business loss
- Risk of reduced data or systems availability
- Proper integration of the mix of secured data residing both in the cloud and on the internal corporate networks
The major global regulatory issues that influence technical and business decisions around cloud computing architectures include:
- Rising consumer data protection laws around the world
- PCI compliance and the need to ensure end-to-end data protection
- Banking regulations
It is clear that many of the business and regulatory issues can be addressed with properly secured cloud architectures, applications, networks and systems, but cloud and network security is quite complex. It encompasses such diverse disciplines as networking, application development, database architecture and design, hardware architecture, and systems design. Many standard network security best practices developed for the enterprise are inadequate to handle the new cloud architectures. However, by taking a network services approach to the architecture of cloud services, there are many advanced methods that can be used to address cloud security issues and allay most if not all of the business owners' concerns.
About the Author
Beth Cohen, Luth Computer Specialists, Inc.