Time to Take Cloud Security Issues off the Table

When it comes to cloud computing, there is plenty to be concerned about, but the more IT organizations think about security the less likely it is that security should be a major issue.

Right now, cloud security is primarily an issue because better known providers such as Amazon push security responsibility back to the customer. But there are also plenty of cloud computing platforms out there that offer more security than anything an internal enterprise is ever likely to be able to replicate.

Beyond figuring out which cloud computing platform to embrace, the real issue, says Chris Day, chief security architect for Terremark, a cloud computing provider that is being acquired by Verizon, is that companies need to figure out what application workloads really require what level of security and how much are they willing to pay to attain it. One of the reasons that providers such as Amazon can offer comparatively low pricing on cloud computing is because of the bare bones nature of the service.

Other providers can offer similar pricing, but for anything that requires true enterprise-class services that include security, pricing is going to be higher than it is for setting something up that is roughly akin to an application development test bed in the cloud that doesn’t require all that much security.

In fact, most of what gets ascribed to security in the cloud are really data management and compliance issues, or simply deliberate attempts to create concern over security as part of an effort to protect jobs that might be threatened by cloud computing. Data management issues still need to be addressed, but new encryption services from companies such as CipherCloud hold promise. Meanwhile, compliance and access management issues are being tackled by forthcoming offerings from RSA or new services from startups such as Okta. In the not-too-distant future, we’ll also see the emergence of cloud security certifications that should help make it easier to differentiate various levels of cloud computing security.

When all is said and done, most cloud computing providers can leverage scale to provide higher levels of security than almost any other enterprise outside of the Fortune 100. But like most things worth having in business or inside the enterprise, security isn’t going to be free.