With that goal in mind, IBM has developed five best practices for public cloud computing that IT organizations should keep in mind as they move to the cloud. Cloud computing, says Harold Moss, IBM CTO for cloud security strategy, is fundamentally more secure than most existing on-premise IT deployments because of the amount of expertise that can be brought to bear on a single deployment and the use of modern security frameworks to safeguard these installations.
But that doesn’t mean, adds Moss, that just because an application workload is deployed in a public cloud that the internal IT department is not responsible for managing it. Moss says it’s critical for IT organizations to make sure they have the proper level of controls in place to secure application workloads both inside and outside the enterprise. To that end, internal IT organizations will need access to monitoring tools that allow them to be certain that all the security parameters that have been outlined in the service-level agreement (SLA) are followed.
The biggest issue with security in the cloud, however, may be that security concerns allow IT organizations to avoid having to confront more difficult issues, such as a fundamental inability to effectively manage data in the cloud. Rather than confront those issues directly, it’s simply a lot easier to roll those issues up under security because it allows the internal IT management team to avoid having some difficult conversations with the senior leadership of the business.
But one way or another all of these issues are going to have to be confronted in the months ahead. And the first step to making that happen is to stop making security the scapegoat for everything that is currently wrong with the way we manage internal IT.