Security - Clouds of confusion

Adding to this confusion is the variety of services available from Cloud Computing.  The most commonly talked about is Software-as-a-Service (SaaS), where business applications like desktop productivity, accounting, collaboration and enterprise resource planning are delivered to the users desktop on demand. At the other end of the Cloud is Infrastructure-as-as-Service (IaaS), which enables organisations to purchase processing, operating systems, storage and networking on a utility basis. 

 

The over-emphasis on the freedom the Cloud brings seems to have left many believing that it has a Zen-like existence, floating within the internet in an open access environment.  This has led to deep-routed concerns over the suitability of the Cloud to hold sensitive and confidential data securely.  But even with SaaS and IaaS the software, applications and physical infrastructure have to exist somewhere and travel from that place to the user. This requires a physical delivery platform and it is this that dictates how secure the Cloud really is. 

Three out of four businesses think so, rating security in the Cloud as their biggest challenge. It is fair to say that sharing resources from a vast, undifferentiated pool of servers and switches carries its own real risks; it is the path to the Cloud that businesses need to address first. Any Cloud, however secure, that relies on the public internet to connect it is exposing its data to unnecessary risk. 

One alternative to a public Cloud environment is the private Cloud . Private Cloud s do not cross the public internet; they enable the same high level of protection of established private networks, but with the flexibility of an internet access model.  Some question whether the private Cloud is a misuse of the term ‘Cloud ’ due to its inference around open accesses shared resources, however, the principles of pooling resources and on-demand service are ever-present in this scenario.

 

By taking a slice of an IP network that is separate and securely partitioned from the internet, organisations can benefit from service level guarantees around the availability and performance of their computing resources. For corporations, this is the biggest advantage of the private Cloud - vastly improved security, with the flexibility of the public Cloud. 

 

Data in the Cloud is like any other data governance issue: if it is poorly managed then it will be insecure; if it is properly managed then it is more secure. The Cloud doesn’t naturally make your data vulnerable; security remains a function of how you control access to the data, the defences remain the same. 

 

Unlike the public internet, security measures such as DDoS protection, firewalls, and intrusion detection and prevention technologies should come as standard in private Clouds. There are legislation stamps to monitor whether the latest security measures are adhered to. By classifying data and then building the right layers of protection around it, organisations can be assured that their assets are secured.

The very fact that private Clouds are built on assured and dedicated infrastructure to guarantee control and greater security, generally means that it is a more expensive option.  After all, purchasing the infrastructure resource and the power to transform a data centre into a private Cloud, not to mention centralising computer and storage systems, requires significant capital.

 

The downside is that these Clouds generally don’t deliver the key advantages of Cloud computing: open access to your community, efficiency and the ability to rapidly flow data and computing resource over your “own private internet” to the entire business.  These are best served through using a provider’s Private IP network, enabling the organisation’s network to access shared corporate computing resources, whilst remaining separate and secure from the internet.

 

Private Clouds bought in this way, as a service, build Cloud computing into your corporate network infrastructure, offering a secure Cloud environment with guaranteed availability, inherent disaster recovery, as well as flexible and scalable capacity. 

 

As the name suggests, the hybrid Cloud sits between public, private and more traditional ways of managing IT. If your IT department has just invested in physical infrastructure or if you’re running an application that won’t run on a Cloud-based service then you can create a “hybrid Cloud ” allowing you to push some of your data into a private or public Cloud . 

Cloud computing services are still developing and the fog of confusion around it and security implications are creating hurdles to adoption. That said, the benefits of flexibility, scalable costs and enhanced performance, are too good to ignore. Cloud Computing has the power to fundamentally shift the economics of how organisations acquire and use IT, in line with their ever-evolving business needs. 

 

But organisations don’t just have to maintain security levels, they need to improve them. Simultaneously, they must increase access and transparency internally and externally. While business executives have long realised that access to required information everywhere enhances productivity, up until now, many organisations have had to choose between security and efficiency. The secret to unlocking the cloud, and getting both, is ensuring they understand how their cloud is accessed and connected, in essence who controls the ground beneath the Cloud. Then the organisation can select the cloud delivery platform that matches their security requirements.