Are you still a skeptic about cloud computing?
Do you remember when you refused to bank online because it couldn’t be safe? I do. In fact, I even remember working with one of the leading banks in Canada when the CIO declared that no employees should have access to the Internet—for any business reason, ever. He did not last long in his job.
Over the past 15 years our reliance on the Internet has steadily increased, encouraged by advancements in technology (including security), a culture of instant gratification and an obsession with efficiency. After a year of media frenzy, some of us are still skeptical on whether to adopt cloud computing for enterprise and datacenter expansion. Like the advent of email, I believe that three things are going to force your hand:
1) Internet Pressures: cloud computing is easy and the success of public clouds like Amazon means that your internal “clients” have alternatives for computing power readily available to them
2) Cost savings: it is cost effective and with the economy still uncertain, cost-savings are paramount
3) Competitive advantage: it is being adopted by your competition and it will enable competitive advantage
We have heard from IDC and others that security is an overwhelming concern preventing public cloud deployments. I don’t blame you if you count yourself in this group. The lack of control over the network perimeter is just the start of the list of security challenges that should concern anyone considering cloud computing. In cloud deployments you rely on administrative connectivity to servers and applications accessible only via the internet. The potential for vulnerability exploits from co-located cloud servers and the need to ensure data protection and data integrity in these co-located cloud hosting environments is enough to keep any self-respecting CIO awake at night. And then you start to ask yourself, who owns the logs? Where is my data? How do I prove to auditors that these resources are adequately protected? These are all legitimate questions and concerns. And, as I pointed out above in item 1, these risks are being taken by your constituents, both unmanaged and unidentified.
That said, the sky is not falling from the clouds.
Gartner is predicting 10x growth in the number of virtual machines expected to be deployed over the next 3 years. You are deploying the virtualization technology underpinning cloud environments. With virtualization, you are equipped to create your own private cloud environments.
Rather than being afraid of placing your server resources in the cloud, prepare them to take flight, and choose where and how they fly. There are six areas of security that you need to identify and assess the impact, requirements and complexities of protecting workloads across the traditional-physical, virtualized-private and public cloud computing environments.
Over the next few blog entries, I will be reaching out to experts in our industry. In an interview format we will begin to contrast and compare challenges across these three environments — physical datacenter, virtual and cloud computing — to evaluate what virtualization and cloud computing is imposing on:
- Network Security
- Data Protection
- Host Security
- Identity Management
- Security Information Management
- Vulnerability Management