Infosec: Cloud computing ‘explodes’ the security perimeter
April 26, 2011
Cloud computing makes the argument for protecting data, rather than the perimeter, stronger, according to encryption solutions provider SafeNet.
This is just one of the issues that the cloud computing trend poses for IT professionals, who, according to a recent report from Accenture and the London School of Economics and Political Science’s Outsourcing Unit, are still on the whole unconvinced by the cloud, due to security and privacy concerns.
Dr Rob Elliss, regional VP of sales, Northern Europe, at SafeNet, said: “You can’t protect the perimeter. When it [the data] is created, at rest, in transit, the data has to be protected. The cloud merely explodes the perimeter beyond your own data centre.”
But the ‘explosion’ of the perimeter makes it challenging for IT in other ways too.
According to security management software provider NetIQ, IT security teams, particularly those in the financial sector, are increasingly required by the business to produce reports on the risks of the organisation. This may be for regulatory or compliance reasons, for example.
“The business demands to understand the security posture of the business. Security is under pressure to deliver reports to the business,” said Jorn Dierks, chief security strategist EMEA at NetIQ.
These reports would now need to extend to incorporate the security risk of the cloud services, particularly if an organisation’s data is in a public or hybrid cloud provider’s service.
“Organisations are very aware of the cost savings of migrating data into the cloud, but the main inhibitor is security, because you are placing it into somebody else’s governance,” Elliss added.
Meanwhile, token-less authentication software provider GrIDsure said that cloud service providers are exploring ways of securing their services in a simple, cost-effective way, in line with the benefits of the cloud computing model.
“A lot of cloud and managed services people are talking to us at the moment. [They want] to offer a service that is secure, to make sure that the right person is logging on to use the service.
“They are looking for something that is very easy to use, so that the support requirements are low, and scalable.”