Forecast for Cloud Security: Still Cloudy
September 22, 2010
While many companies are moving their apps and services to the cloud, roughly half are unaware of what they are getting themselves into, security-wise. That’s the main finding of Security of Cloud Computing Users, a recent study done by the Ponemon Institute for CA Technologies.
The study reveals that more than half of U.S. organizations are adopting cloud services, but only 47 percent believe that cloud services are evaluated for security prior to deployment. Of equal concern, more than 50 percent of respondents in the United States say their organization is unaware of all the cloud services deployed in their companies today.
Such bad news for corporations is good news for VARs, which can capitalize in two ways: selling cloud solutions and the security envelopes to protect those cloud investments.
The growth of the cloud market is nothing short of breathtaking. Market researcher IDC recently forecast that the market will grow at six times the rate of IT spending between now and 2013. IDC estimates that approximately $17 billion was spent on cloud-related technologies in 2009 and that $45 billion will be spent by 2013.
“Cloud computing applications hold a great deal of promise for organizations, but their adoption is fraught with risk,” says Larry Ponemon, Ph.D., chairman and founder, Ponemon Institute. “The implications for information security and data privacy are potentially dire.” To address security concerns, Ponemon recommends that companies create and implement policies and procedures to screen and qualify cloud computing vendors.
Ponemon’s advice is echoed by the Cloud Security Alliance (CSA), a nonprofit dedicated to promoting best practices for cloud computing security. CSA believes the industry needs clear guidelines, audits, and certification of cloud providers.
CSA’s key issues are: incident response, encryption and key management, identity and access management, and legal and electronic discovery. Until the next big thing appears, VARs in the trenches mostly cling to unified threat management (UTM) appliances, encryption, and authentication software for solace.
“A next-generation firewall is not enough to protect network infrastructure, internal and external,” says David Dadian, CEO of powersolution.com, a VAR in Ho-Ho-Kus, N.J. “We deploy UTMs from Fortinet because its products deliver data loss protection and anti-virus, as well as a high-performance firewall.”
Dadian adds that UTMs enable his company to quickly turn on additional features, such as anti-malware, anti-spam, intrusion prevention, WAN optimization, SSL content inspection, and endpoint control—without having to purchase those features from multiple vendors.