Guess what? Cloud security is an issue.
Always has been, always will be so long as there are people who want to exploit others.
Security in the cloud is a hot topic, no more so than at the recent RSA Security Conference. People wonder if the cloud is safe place for data. Is that because corporate data centers are so safe now that anything else would be a compromise? Hardly. It’s because more data processing is now done in the cloud than not, and people want to know just how far they can or should go.
With more real work getting done every day in the cloud, you’d think that the question of security would have already been asked and answered. It has, repeatedly. You can find whatever answer best suits you, pro or con. Two issues obscure the discussion. People speak of the cloud as a single amorphous mass, which with each passing day is anything but. People also speak of security in the abstract. What is perfectly secure for one person might land another in jail. In other words, the answer is: it depends.
Our partner SilverSky took one industry analyst to task for being fast and loose with broad assertions in his NetworkWorld article. The analyst stated that security professionals remain suspicious about cloud services providers’ (CSPs’) skills to ensure secure environments. In his post entitled, Some Clouds are More Secure than Others,” SilverSky’s Andrew Jaquith said that the analyst’s statement is not borne out in the realities of the market. “It is hard to give credence to such a strong statement given the number of enterprises that are not holding back and in fact spending more on adoption and deployment of cloud solutions,” said Jaquith.
Seemingly on the opposite end of the analyst spectrum is Forrester Research’s James Staten, vice president and principal analyst, who quite bluntly asserts that enterprises that continue to resist the cloud because of security concerns are running out of excuses.
It’s hard to believe, for example, that smaller companies would be better off going it alone. Rather than attempt to put in place their own security infrastructure and processes and continually maintain them, the cloud would be an obvious preference. Everything scales in their favor … economies, infrastructure, expertise and technology. But again, it depends on the CSP one chooses.
Also coming out of the RSA Security Conference was a 10-point synopsis for eWeek from the highly respected high-tech/business journalist and now technology analyst, Eric Lundquist. Point #9 on his list was, “The cloud as a solution instead of a problem.” With CSIOs facing challenges beyond their means to tackle, Lundquist says that CSPs can marshal more resources to complement enterprises’ digital security programs, leaving them to “focus on protecting the corporate crown jewels.” That’s what it’s all about.
Every CSP is as different as the security needs of individual organizations. Throwing it all in one big barrel and speaking generically about it serves no purpose other than to possibly delay the implementation of a safe, secure computing environment for someone that truly needs it. It’s not just the cloud, and it’s not simply security. It’s about solutions to real business problems.