The cloud is changing the way organizations around the world do IT. Attracted by lower costs, improved efficiency, and faster development and deployment times for apps, users everywhere are migrating to this new computing model in droves, with or without the blessing of IT. Yet security is a top concern due to the loss of control of a physical infrastructure.
The challenge of balancing that greater business agility with security risk while keeping costs down is not an easy job. But it’s one that cloud managers will have to confront to be successful. And just like in a game of soccer, a winning strategy must be built on solid defense.
To articulate the challenges of cloud security, Trend Micro recently commissioned Forrester Consulting to survey IT professionals tasked with public cloud security projects. 70 percent said the public cloud was an integral part of the product or service they offered to customers.
And it’s no surprise that security was a concern to three-quarters (76 percent) of them.
In the public cloud, security is a shared responsibility. The cloud service provider will secure up to the hypervisor (including data center and infrastructure), while the customer must take care of securing the OS, apps, users and data.
When determining how to best augment the secure infrastructure of their cloud provider, cloud managers should start by considering three aspects:
Time to value – This is all-important to developers. It’s why two of the top three barriers to adopting best practice cloud security were given as “too time intensive” (43 percent) and “would slow down cloud usage” (36 percent). Forrester believes cloud resources must be made available in under 15 minutes, automated and out of sight, or developers may look to circumvent IT controls.
Security risks – Cutting down on security in order to speed time to value will expose organizations to the risk of a data breach, including the financial penalties, damage to brand, legal costs, and consumer trust issues this could bring. Adding protection like data encryption, monitoring and logging, intrusion detection/prevention, and patch management and other controls to cloud workloads provides multi-layered protection that reduces security risks.
Cost – Applying maximum levels of security to every workload will drive up cost unnecessarily, impacting one of the main reasons of migrating to the cloud. It could also force developers to bypass security. But if you don’t add enough security, you become an easy target for hackers, leading to expensive data breaches. It’s a delicate balance.
Deep Security for the win!
Forrester believes the answer lies with security solutions offering pre-made templates with different levels of security to match the needs of individual workloads:
Optimal cloud security controls would be:
- Automated: so when a developer launches a workload, it is automatically protected.
- Personalized: with policies that fit the workload type, sensitivity and regulatory context.
- Pre-built in a template: so the developer doesn’t have to know what the right security is for their workloads.
You might have noticed a not-so-subtle soccer theme to this blog. That’s because Trend Micro is a proud National Sponsor of the FIFA Women’s World Cup 2015 soccer tournament in Canada this summer. That’s why we’re calling on all cloud managers to “Protect Your Net” in the run up to the event, and get smarter about cloud security.
With Deep Security, we believe we have the best solution: enabling automated, comprehensive security that won’t get in your way. What’s more, Deep Security can protect your entire organization – across physical, virtual and cloud environments and includes comprehensive protection in a single product and agent. Making management easier and lowering costs.
So click here to find out how you can enhance your cloud game plan with the best defense.