By David Hunter
Recent high-profile data breaches shine a spotlight on the issues of trust, risk and security in the cloud. Yet, amid all the hand-wringing about perceived cloud computing security shortcomings, a deeper look yields a great irony: a mature cloud architecture is actually more, not less, secure than traditional IT environments.
With the volume of data in the cloud expected to grow more than 50 percent over the next 18 months, not to mention the ever-expanding array of devices in user’s hands, IT executives understandably fear they will lose a measure of control. For companies that rely on public cloud services, the fears are even more pronounced. And without a well-thought out set of governance, risk and compliance measures for the cloud, a company’s fears could certainly become reality.
The Cloud Changes Everything
Cloud computing is forcing a fundamental rethinking of IT. CIOs and IT security executives must understand that the cloud’s underlying technology — virtualization — is driving this shift. Specifically, this entails a move from physical resources to virtual resources, a richer and expanded role for automation and management, and increased visibility and control of IT resources.
Virtualization provides a new infrastructure layer that focuses not on perimeters and physical machines but on applications, data and users. Tools for managing virtualized environments already dynamically provision computing resources and enable enterprises to fluidly use both private and public clouds.
This approach also can apply to security. Organizations can use virtualization to increase visibility into applications and introduce more automation for securing them, as well as applying security policies to public cloud resources.
This approach puts the CIO back in control while at the same time enabling freedom and flexibility for users. For years now, business units have been turning to the cloud to meet their peak computing needs with or without IT security approval, causing those companies who choose to sit on the sidelines to fall behind in securing their growing cloud footprints.
Rather than find themselves forced to react to such rogue environments, IT security leaders must instead understand the security requirements of doing business in the cloud, ask the right questions to ensure that they are providing the right level of protection, and drive service level agreements that guarantee requirements will be met.
Leading the Journey to Cloud
The task facing IT security executives as they help usher their companies into cloud computing is daunting, but there’s also good news for them. The shift to the cloud is transforming the security role from a tactical focus on babysitting firewalls and cleaning spyware off infected PCs to the more strategic and business-enabling job of assessing whether technologies pose acceptable or unacceptable risks to the company.
The better IT security executives are at pinpointing and evaluating potential risks, the more valuable they become to their companies.
Consider this statistic: According to IDG Research, the business impacts of security incidents — financial losses, data breaches, damage to brands and reputations, and so on — have increased by as much as 233 percent during the past few years. By taking necessary steps to create more secure cloud computing environments, companies can reduce the number and impact of those incidents while enabling more agile IT systems for their enterprises to use.
This is not to suggest that IT security professionals should ignore their skeptical instincts when it comes to the cloud. However, they should not allow these concerns to sidetrack their journeys to the cloud.
The cloud should be viewed as an opportunity to advance the overall business. In doing so, security professionals will help lead their enterprises into the cloud era, securely.
Guest blogger David Hunter is VMware’s CTO of Platform Security.