Friendlier Clouds – The New Era of Security in the Cloud
By Andy Monshaw (left), General Manager for IBM Midmarket Business, & Shahin Pirooz (right), Chief Technology Officer, CenterBeam, Inc. Major advances in security around platform authentication, authorization, data security, and auditing over the past few years have significantly accelerated the adoption of cloud for small and midsize businesses. Recognizing the cloud's silver lining of mobility and easy access, CIOs today are consuming technology and services through the cloud delivery model. In particular, many companies are pursuing Big Data -– sifting through massive amounts of data we collect to spot trends -- through the cloud. This approach is allowing budget-minded business leaders to take advantage of pay-per-usage services instead of adding on-site servers to handle the complex analytics solutions Big Data requires. In a new survey of 785 companies by venture capital firm North Bridge Venture Partners, 82 percent said they use Software-as-a-Service (SaaS) today, and 88 percent expect to use it in five years. Building on this growth trend, researcher AMI forecasts that small and midsize businesses in the United States will spend more than $49 billion on cloud services in 2015, which is nearly double the size of the market today. With their security concerns alleviated, many SMBs are delegating standard IT management to the cloud, relying more and more on Managed Service Providers to extend their IT reach. New capabilities can include simplifying delivery of e-mail, payroll, sales management, core processing, and data analytics; protecting infrastructure, including managing firewalls and detecting intrusions; and safeguarding data, such as encrypting information in transit. Safer than Ever Notably, only 3 percent of respondents in the North Bridge poll found the cloud too risky. In fact, many midsize businesses find that large cloud centers handled by Managed Service Providers offer more security than traditional data centers. If you think about it, a dedicated cloud computing company can invest far more resources in data backup and security than most midsize companies can. For instance, cloud service providers generally issue frequent updates in order to ensure up-to-date protection for their Web servers and other infrastructure elements. Many providers also offer their clients application protection that is regularly updated and managed. From a physical security perspective, a top-tier cloud center, for example, may require thumbprint verification to ensure that only authorized personnel can gain entry to the facility. When it comes to employing cloud computing, there are a few simple rules that any midsize company should keep in mind. Whether a solution is in the cloud or inside a company, the key is to maintain your firewalls and security defenses, and not allow direct access to your core infrastructure. Never deploy a cloud solution without firewalls. You wouldn’t do it in your data center, so don’t do it with a cloud provider. This protects your core network from the public Internet and prevents unwanted access to your infrastructure. Also, never deploy a solution that requires you to administer your services over the Internet. Choosing the Right Cloud Partners Regardless of the cloud's safety today, interested companies should do their homework before choosing a cloud partner. Start by asking a few key questions: 1. Is the provider a good fit for my strategy and objectives? Companies become dissatisfied when they have to modify their business practices or security policies to fit cloud or SaaS providers' requirements. Traditionally, applications that have been put into a cloud or SaaS environment have been restricted by the ISP (Internet Service Provider), so you may get less functionality than you're accustomed to in your own environments. Make sure your business objectives drive your technology decisions, not the other way around. Cloud providers should enable flexibility so customers can bring their own policies and procedures. 2. How much cloud experience does this provider have? Some providers are really just delivering infrastructure as a service and leave the cumbersome service integration to clients. Pick a partner that has solid integration experience and a breadth of services so it can grow with you and your workloads. You don't want to end up with multiple providers. 3. Does the provider have a strong history of offering secure hosting services? Have its security procedures and practices been audited to ensure compliance with the strictest standards and best practices? Has it had any security breaches in the past? To what extent? How were its customers affected? If there have been past issues, how were they handled? When it comes to cloud security, the best defense is a good offense by reducing risks and taking measures to ensure a secure cloud environment. Make your transition to the cloud both a smart and safe decision. The existing dynamic of enhancements in security around cloud, tackling the challenge of Big Data while staying ahead of competition -- all this is creating the perfect storm for Managed Service Providers to seize the opportunity and help small and midsize businesses get on the path of innovation and growth.