Most of my friends and colleagues know that I like to cook so I will be doing a series of “recipes” in the next few weeks to address some of the key challenges based on conversations I am having with major organizations. So, to get started, here is part 1 on Creating a Trusted Cloud.
Clouds and virtualization offer powerful new ways to manage and use digital information, but they also create complexities for organizations in meeting the fundamental challenge of getting the right information to the right people over a trusted infrastructure. Why? Because clouds and virtualization change the nature of control and visibility. Infrastructure becomes virtual, not physical. People access information from devices that are outside of IT’s direct control. Information moves at incredible speeds across networks, and the cloud is making it hard to know exactly where sensitive information resides. Organizations must learn new ways to gain visibility into risks, threats and compliance performance.
Security is always cited as an inhibitor for cloud adoption. According to a recent Ovum survey, when organizations were asked “What are the biggest challenges or impediments to using cloud services in your organization?”, 85% responded with data security concerns.
According to a Forbes Insight survey in 2010, security was the number one concern surrounding private and public cloud adoption: 43% were concerned about security in the private cloud and 75% in the public cloud.
There are three main reasons for this:
• Gain visibility
• Maintain control
• Prove compliance
Gaining control over information in the cloud and preserving full visibility into where and how IT handles security and compliance reporting is the most significant challenge facing organizations.
Infrastructure becomes logical and not physical, rendering static, perimeter-based approaches to security and policy enforcement fruitless. Logical, dynamic boundaries pose new challenges for cloud control and visibility.
Identities (people, systems, devices) become harder to confirm, simply because there are more of them. Interactions between machine identities outnumber interactions with human ones, and the cloud accelerates exposure to threats from mobile devices and social media tools.
Information can replicate and relocate at instantaneous speed in the cloud, making it hard to safeguard sensitive workloads and prove that information is managed according to policy.
Virtualization is a catalyst for trust and fuels the cloud’s ability to surpass the level of control and visibility that physical IT delivers. This unparalleled visibility and consolidated control over the entire virtual environment transforms IT into a vital resource for improving security and compliance in three ways:
- In clouds, the strongest security results when organizations protect information, not infrastructure. That’s because in virtualized environments static, physical perimeters give way to dynamic, logical boundaries. These logical boundaries form the new perimeter for trust, and virtual machines adapt security to their particular workloads, carrying policies and privileges with them as they travel across the cloud.
- Built-in and automated – in clouds where information, VMs and entire workloads can relocate in the blink of an eye, security measures must be just as dynamic as the virtual assets they protect. Achieving this means building security into virtualized components and, by extension, distributing security throughout the cloud. In addition, automation will be absolutely essential to enabling security and compliance to work at the speed and scale of the cloud.
- Risk-based and adaptive – Static security measures based on rules and signatures can’t address advanced external threats. Instead, organizations are developing capabilities to assess risk instantly and to initiate appropriate countermeasures. In the near future, trusted clouds will employ predictive analytics based on their understanding of normal behavior and transaction patterns to spot high risk events and enable organizations to proactively adapt defenses.
Look out for Part 2 where we will mix the ingredients to create our Trusted Cloud model.