How to know if your cloud computing will be safe and secure Featured

8:01pm EDT March 31, 2011
How to know if your cloud computing will be safe and secure

According to many experts, including those from the Technology Marketing Forum, Gartner Group and Information Week, the No. 1 issue holding back the adoption of cloud technologies in the enterprise is the perception of a lack of security.

IT professionals envision environments where cyber criminals freely roam the network like trolls picking away morsels of valuable information. Others claim that the cloud is a perfectly safe place to store your information or conduct financial transactions. Like many issues, the truth is probably in between.

“It is not the cloud that is more or less secure — the entire industry is morphing into a new paradigm,” says Mark Swanson, the CEO of cloud communications provider, Telovations, Inc., headquartered in Tampa, Fla.

Smart Business spoke with Swanson, who also has experience in the IT security field, about cloud computing and how to ensure that your cloud solution is safe and secure.

What do you mean when you say the industry is morphing into a new paradigm?

The old paradigm was creating a secure perimeter — a border, so to speak — to protect your corporate information assets. The new paradigm is what Cisco has labeled ‘borderless networks’ — networks where most, if not all, of your corporate resources must be exposed to the outside world. The old security model is dependent on ‘border patrol’ via firewalls, intrusion detection and prevention systems, demilitarized zones (DMZs), and other perimeter protection methods. In the new, borderless network, the focus shifts to protection of the data itself.

What is the driving force behind these ‘borderless networks’?

If you look at what’s happened in the last five years, you can see that corporate networks are going away — they are undergoing a ‘de-perimeterization.’ Technical capabilities have basically outpaced the old perimeter model as online collaboration with partners, customers, mobile workers and others outside the physical network becomes more and more important to doing business. The workforce is demanding that they be connected to data resources wherever they are (private or public cloud), using an ever-widening variety of devices: smartphones, notebook computers, tablets and so on. This is great in terms of access to resources, but not so great in terms of security.

So the borderless network is a way to access cloud resources?

The proliferation of applications available as a service has created a demand to access them. The challenge for IT departments is: How do you protect those resources? I believe the only way is to embrace this paradigm and leverage vendor capability.

Can vendors do a better job protecting data than the companies themselves?

Let’s look at the realities of data security in this new world. The most famous breach of this decade did not come from a hacker trying to break through a firewall. The data on WikiLeaks came from a company insider downloading information onto a thumb drive and handing it off to Julian Assange. The easiest way to get information is to get someone on the inside to give it to you. But, the vast majority of companies don’t have the resources, time, money and skills to protect against things like this. Cloud vendors are better at protecting information than most companies that do it themselves.

How are cloud vendors better at security?

There are five major areas where I see cloud vendors doing a better job at protecting a company’s resources:

  • Platform strength: To be competitive, cloud computing vendors must have platforms that are more uniform than those of most corporate computing centers. This uniformity facilitates platform hardening and enables better automation of security management activities like configuration control, vulnerability testing, security audits and security patching. Also, cloud providers usually meet standards for operational compliance and certification, in areas like health care (i.e., HIPAA) or finance (i.e., PCI DSS).
  • Data is stored in a single location: Most companies these days have a mobile work force and data can be dispersed on laptops or other devices, making it vulnerable to theft or loss. With the cloud you don’t have to worry about this. Data maintained and processed in the cloud is stored in one location and securely accessed from anywhere, making it less prone to data loss or theft.
  • Better staff knowledge: Because they only focus on one thing, cloud providers train their staffs to specialize in security, privacy and other areas of high interest and concern to an organization. Through increased specialization, staff members can gain in-depth experience, take remedial actions and make security improvements more readily than otherwise would be possible.
  • Government-mandated security requirements: In a public market, the government imposes certain security requirements that vendors must meet. Cloud service providers are under considerable oversight and regulation by the government and other security authorities to ensure data privacy and security. Telovations, for example, must comply with annual government audits to ensure we have the proper procedures in place to protect sensitive information.
  • Better backup and recovery processes: The backup and recovery policies and procedures of cloud service providers are  superior to those of the business. They back up every night because they have to! Data maintained within a cloud can be more available, faster to restore and more reliable in many circumstances than data maintained in a traditional data center. For that reason, cloud services can also serve as an off-site backup storage for an organization’s data center, in lieu of more traditional tape-based off-site storage.

In summary, when you add up the advantages, one could argue that security in the cloud is better than on the premises.

MARK SWANSON is the CEO of Telovations, Inc. Reach him at mswanson@telovations.com.