The versatile range of benefits associated with cloud computing attracted attention from IT professionals across all sectors lately. However, the popular perception that the platform is not yet equipped to satisfy security demands is slowing adoption. But according to industry expert Patrick Eijkenboom, these fears may be misguided as a number of established practices for bolstering cloud security are emerging.
In a recent column for Voice & Data, Eijkenboom analyzed a number of the challenges faced by cloud vendors and users relate to data security. Businesses are concerned that the new technology is not yet ready to provide comprehensive threat protection or satisfy complex regulatory, audit and compliance demands. But with proper caution and sound strategies, there is no reason companies cannot realize the benefits of cloud computing while also minimizing risk.
Echoing the sentiments of colleague Jay Gardner, Eijkenboom suggested that integration and automation are the first concepts that must be addressed when designing a cloud strategy. As enterprise networks grow to support larger, more distributed and varied workloads, automation and integration tools will be key to maintaining strong and consistent performance. But along with these impressive cloud utilities comes the risk of data vulnerability if vendor relationships and IT governance is weak. Companies must understand data delivery models and hold cloud providers to strict service level agreements.
According to Eijkenboom, businesses can also add another layer of protection to their operations by implementing a regulatory standard that makes sense in the context of the industry. Several public cloud providers already have stronger IT governance controls in place to manage their multi-tenant environments, and partnering with such a vendor may be the simplest option.
But often it is up to the company to analyze and suggest possible improvements to the terms of a service level agreement. Earlier this year a study from the Ponemon Institute suggested that nearly seven out of 10 cloud providers believe the burden of security lies primarily with the client.
One such responsibility is identity management. IT governance loopholes have been the culprit for several internal attacks in the past few months, and companies need to learn from the mistakes of their colleagues. Although it can be significantly more challenging across a highly-distributed network, identifying which users have access to which content, and how data breaches are handled, can only be done in-house. Assuming that the cloud providers will handle such concerns is irresponsible and potentially dangerous.