For the most part the hype surrounding cloud technology has subsided, with many rank and file technology users adopting the third party storage system as simply another step towards experiencing the dream of an all-encompassing digital lifestyle. But while consumers have no issues with the cloud, the same cannot be said for the corporate sector, with many IT departments still looking at the cloud with a critical eye, with all worries centering around one major issue: security.
While a large majority of American companies utilize the cloud for information storage, the annual Information Security Trends Study conducted by the IT industry association CompTIA showed that only a paltry 13 percent of said companies were comfortable storing critical information on the cloud.
The security concerns for most IT departments, the study found, revolve primarily around three key issues: the slow development of cloud security and a lack of cloud management expertise, inexperience in outsourcing key information storage, and, most importantly in my mind, a distinct transparency void from cloud providers regarding multi-tenant servers.
Simply put, corporate America will have issues trusting the cloud until a few things can be resolved; cloud security is enhanced so that providers are able to give guarantees about information safety, a vital point for companies who need to keep their critical IT private; IT departments learn more about how to manage information on the cloud, given that they will no longer have proprietary control over it; and finally companies will want to know their cloud neighbours. That is, who will they be sharing the servers with and do those other tenants pose any sort of security risk.
In regards to the first issue, cloud security in theory isn’t all that different from security protocols for any other network. There still exists the ongoing challenge of protecting the network from known and new threats and exploits, but cloud computing offers new challenges that IT departments need to be prepared for.
That means, as TechNewsWorld writer Bryan Doerr explains, IT departments will “need to know the types of security solutions they need — firewall management, intrusion prevention and detection, Web application firewall (WAF) management, audit services, etc. — and determine whether they can get them from their service provider or if they already exist in their current arsenal and can be adapted to their cloud implementations.”
In regards to outsourcing, the issue for corporate America is that for the first time the tech world is asking these companies to outsource their information security, trusting that cloud providers can uphold the same level of security that the companies themselves employ. Simply stated, companies need to learn how to make their security desires heard by cloud providers and they need to find ways of holding those providers accountable.
Finally, much of the concern surrounding cloud technology has to do with the new threats generated by multi-tenant servers, that is, third party servers that hold information from multiple sources. As Doerr explains, “It is important to know how individual virtual machines, sharing a physical server, are segregated. How is the data protected, and how are the networks secured?” If the management layer of the server is vulnerable to attacks, for instance, all the information stored on that server is vulnerable as well.
In the end, there’s no question in my mind that cloud computing is here to stay, the hesitance shown by corporate America simply evidence that cloud technology is still in its infancy. Enhance cloud security, however, and the corporate sector will soon be on board.