Security considerations critical in the cloud
That was the message from analysts at a conference, “Gaining business and technical advantages from cloud, SaaS and hybrid security services,” held Thursday in New York, and sponsored by consultancy IDC.
Cloud security is sometimes being driven – along with the cost saving benefits it provides – by what analysts referred to as “appliance fatigue,” or the frustration of having to manage numerous on-premise security products.
But while some smaller organizations might ultimately replace all in-house solutions with cloud security services, the majority – especially larger organizations – see the technology as a complement to their existing solutions, analysts said.
Before turning to the cloud, though, corporate decision-makers must consider a number of factors, including what cost savings, scalability, reliability and functionality the third party will provide, said Brian Burke, program director of security products at IDC.
When evaluating moving to the cloud, security professionals should consider the cost of maintaining their current investments, potential changes to compliance regulations in the future, and whether the cost of a potential breach justifies the investment, analysts said.
Performance is one of the most important considerations for cloud security, and organizations must ensure that the vendor with which they contract has adequate internal protections to minimize latency and avoid disruptions in services. Burke warned that if latency is introduced, help desk calls could rise dramatically.
To combat this possibility, the cloud vendor should provide a service-level agreement to ensure reliability, analysts said.
In terms of functionality, businesses must realize that in today's environment, web and email threats are not mutually exclusive, so look for a cloud vendor which has expertise in both, Burke recommended. When looking to secure a virtualized environment in the cloud, choose a solution that provides a single console to manage all devices.
And, one of the key risk mitigation defenses is a multitenant architecture [different services with a shared code-base that appear different to end-users], though it requires high-speed routing, switching and load balancing, added Chris Christiansen, vice president of security products and services at IDC.