Security considerations critical in the cloud

Share this article:
With the dragging economy as a driver, IT departments are increasingly realizing the benefits of cloud security, but business leaders must ask themselves a few questions before handing over control to a third-party.

That was the message from analysts at a conference, “Gaining business and technical advantages from cloud, SaaS and hybrid security services,” held Thursday in New York, and sponsored by consultancy IDC.

Cloud security is sometimes being driven – along with the cost saving benefits it provides – by what analysts referred to as “appliance fatigue,” or the frustration of having to manage numerous on-premise security products.

But while some smaller organizations might ultimately replace all in-house solutions with cloud security services, the majority – especially larger organizations – see the technology as a complement to their existing solutions, analysts said.  

Before turning to the cloud, though, corporate decision-makers must consider a number of factors, including what cost savings, scalability, reliability and functionality the third party will provide, said Brian Burke, program director of security products at IDC.

When evaluating moving to the cloud, security professionals should consider the cost of maintaining their current investments, potential changes to compliance regulations in the future, and whether the cost of a potential breach justifies the investment, analysts said.

Performance is one of the most important considerations for cloud security, and organizations must ensure that the vendor with which they contract has adequate internal protections to minimize latency and avoid disruptions in services. Burke warned that if latency is introduced, help desk calls could rise dramatically.

To combat this possibility, the cloud vendor should provide a service-level agreement to ensure reliability, analysts said.

In terms of functionality, businesses must realize that in today's environment, web and email threats are not mutually exclusive, so look for a cloud vendor which has expertise in both, Burke recommended. When looking to secure a virtualized environment in the cloud, choose a solution that provides a single console to manage all devices.

And, one of the key risk mitigation defenses is a multitenant architecture [different services with a shared code-base that appear different to end-users], though it requires high-speed routing, switching and load balancing, added Chris Christiansen, vice president of security products and services at IDC.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

VBA malware on rise, templates make it easier to write code

VBA malware on rise, templates make it easier ...

Researchers at SophosLabs found an uptick in VBA samples in July.

Analysts spot 'Critolock,' ransomware claims to be CryptoLocker

Trend Micro noted several differences between Critolock and CryptoLocker, however.

Citadel used in APT attacks against petrochemical firms

Citadel used in APT attacks against petrochemical firms

In an interesting twist, financial malware Citadel was used to infect firms outside of the finance sector via APT attacks, Trusteer found.