Security considerations critical in the cloud

Share this article:
With the dragging economy as a driver, IT departments are increasingly realizing the benefits of cloud security, but business leaders must ask themselves a few questions before handing over control to a third-party.

That was the message from analysts at a conference, “Gaining business and technical advantages from cloud, SaaS and hybrid security services,” held Thursday in New York, and sponsored by consultancy IDC.

Cloud security is sometimes being driven – along with the cost saving benefits it provides – by what analysts referred to as “appliance fatigue,” or the frustration of having to manage numerous on-premise security products.

But while some smaller organizations might ultimately replace all in-house solutions with cloud security services, the majority – especially larger organizations – see the technology as a complement to their existing solutions, analysts said.  

Before turning to the cloud, though, corporate decision-makers must consider a number of factors, including what cost savings, scalability, reliability and functionality the third party will provide, said Brian Burke, program director of security products at IDC.

When evaluating moving to the cloud, security professionals should consider the cost of maintaining their current investments, potential changes to compliance regulations in the future, and whether the cost of a potential breach justifies the investment, analysts said.

Performance is one of the most important considerations for cloud security, and organizations must ensure that the vendor with which they contract has adequate internal protections to minimize latency and avoid disruptions in services. Burke warned that if latency is introduced, help desk calls could rise dramatically.

To combat this possibility, the cloud vendor should provide a service-level agreement to ensure reliability, analysts said.

In terms of functionality, businesses must realize that in today's environment, web and email threats are not mutually exclusive, so look for a cloud vendor which has expertise in both, Burke recommended. When looking to secure a virtualized environment in the cloud, choose a solution that provides a single console to manage all devices.

And, one of the key risk mitigation defenses is a multitenant architecture [different services with a shared code-base that appear different to end-users], though it requires high-speed routing, switching and load balancing, added Chris Christiansen, vice president of security products and services at IDC.


Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Skills in demand: Communications and messaging experts

Skills in demand: Communications and messaging experts

The demand for infosec-focused communications and messaging pros is growing.

Company news: New execs at Malwarebytes and an acquisition by VMware

The latest mergers and acquisitions and personnel moves, including Malwarebytes, Abacus Group, VMware, Bay Dynamics, vArmour, Secunia, Norse and more.

Bridging the talent gap in health care

Bridging the talent gap in health care

Cybercriminals are primarily after patient data as it really gets them more money.