Making the cloud secure and successful
Enrique Salem, president & CEO, Symantec
We are in the midst of the information economy. No matter what business you're in, chances are you are already competing in a market where success depends on how well you create, manage and share information – whether it is intellectual property, content or ideas. What makes information so powerful today is how easily it can be distributed, how quickly it can be duplicated, and how it can be accessed and searched. Of course, the very things that unlock the value of information also threaten to undermine it. Minute by minute, day by day, as the information that flows within our networks continues to grow, we are all challenged to make sure that it is secured and managed at all times.
Perhaps the most exciting development in technology we will see in the next decade is cloud computing. There are big potential benefits in cloud computing to both IT organizations and end-users. Cloud-based services allow organizations to scale their capabilities in response to changing business requirements, and provide computing power, applications or storage – on-demand to end-users as needed. Pay-as-you-go models are attractive as they drive greater predictability and control around cost, an essential consideration as budgets remain tight.
Cloud model requires new ways to protect information
Cloud computing represents a major shift within IT – moving from a traditional IT delivery model to a service-provider/service-consumer model. This shift will not happen overnight. Making cloud computing a successful reality will ultimately hinge on the relationship between the service provider and the organizations consuming the services. And security is a chief concern that could stand in the way of long-term adoption of cloud computing.
Security concerns around cloud computing are only heightened by a growing threat landscape in which cybercriminals and hackers are more determined than ever to steal confidential information. In 2008, 70 percent of cyber attacks targeted confidential information, and last year that number skyrocketed to 90 percent. Whatever the model – private, public or hybrid clouds – end-users and IT will need to have full confidence that their information can be protected in order for this trend to completely evolve.
New requirements on security
Cloud computing places new requirements on security. To begin with, from an infrastructure perspective, security will need to move closer to the applications and data. In a shared services architecture, it isn't sufficient for security to simply protect the cloud perimeter, the data center or even the individual servers and storage arrays. Cloud computing will require security technologies that can protect the specific application modules, virtual machines and storage volumes and disks associated with each customer.
Additionally, stronger information-centric governance approaches will be needed to ensure governance policies are met. Content-aware technologies can now address one of the biggest problems plaguing IT today – unstructured data growth and ownership. Understanding what data exists, who owns the information, and how it's being used is a critical step. If you don't know who the information belongs to or how it's being used, it's almost impossible to create appropriate governance policies.
Another critical requirement is the need for security and compliance technologies to evolve to provide the increased visibility that will drive confidence in the service-provider/service-consumer model. Going beyond verbal assurances or written SLAs, service consumers need real-time visibility into their cloud vendor's security posture so that they can trust that their information is being secured and managed in accordance with their governance policies. In the future, security and compliance tools will be required that manage across distributed multi-tenant clouds and across on-premise solutions. Industry standards will also help drive the transparency – S-CAP for example, can create a common way to query the cloud infrastructure about its security posture. Standards can be leveraged across various security tools, such as compliance solutions, to provide assurance that the right controls are in place.
Finally, the development of cloud-based security services will provide the potential for IT to reduce complexity around managing security and focus on what is relevant for their business. But as cloud computing continues to evolve, organizations will likely choose the model that works best for them, creating many different scenarios. As a result, interoperability between on-premise security tools and cloud-based services will be critical so that they can work together to maximize the benefits that they both bring.
A secure future
The explosion of cloud computing is an exciting trend that is driving our industry forward and propelling the evolution of the information economy. More access to information will bring greater productivity, more collaboration and better ideas. If done right, we as a security industry have the opportunity to enable the future of the information economy, to nurture it and provide a path for organizations to seize opportunities with confidence.
If we work together, we can help the information economy reach its full potential.