Alert Logic’s Fall 2012 State of the Cloud Security Report finds that anything that can be possibly accessed from outside, whether enterprise or cloud, has equal chances of being attacked. Web application-based attacks hit both service provider environments (53% organizations) and on-premise environments (44% organizations). However, the survey pointed out that on-premise environment users experience an average of 61.4 attacks while cloud service provider environment customers averaged only 27.8. On-premise environment users also suffered significantly more brute force attacks compared to their counterparts.
Early adoption of cloud has its share of critical challenges like blocking security threats, protecting sensitive data and meeting compliance requirements. According to a Wipro survey of 100 global CXOs, 2 out of 3 respondents felt that security concerns are the biggest barriers to cloud adoption. The paranoia is largely due to the fact that, just the approach itself feels insecure. When their data is stored on several external servers and systems, organizations lose ownership and control. Complex regulatory and industry compliance standards are additional road-blocks to cloud adoption.
In the healthcare industry, for example, the latest HIPAA standards make enterprises understandably cautious about adopting cloud technologies. Moreover, by 2015, all medical professionals with access to patient records must utilize electronic medical and health records. Despite these security concerns, the healthcare cloud computing market, currently about $3 billion, is expected to grow to nearly $6.8 billion by 2018.
Clearly, there are myths out there that cloud computing is inherently less secure than traditional approaches
The path to security in the cloud is not much different than the path to security for internal systems. By implementing the right technical and administrative security controls, enterprises can keep their data safe and their applications running smoothly.
I believe that a successful cloud journey begins with prioritization on security and implementing multiple security countermeasures in the cloud construction that holistically covers the following security related aspects:
- Perimeter security
- Host security
- Application Security
- Identity and Access Governance
- Supporting security services
- Securing administrative access
While compliance requirements continue to evolve in complexity, adherence to best practices can help. Adoption of a common security control framework, enhancing accountability for control objectives and a continuous monitoring program are some of the ways through which organizations can mitigate the associated risks.
Infrastructure performance is frequently overlooked. Performance in a cloud environment can be enhanced by using hardware designed for high-performance workloads, implementing a redundant cloud architecture, compartmentalizing storage and compute resources, designing the back-end storage configuration to satisfy IO from high-demand workloads and leveraging real-time dynamic resource scheduling to eliminate infrastructure hot spots and scale workloads.
How mature is your organization in cloud adoption? Is it prepared for the journey into the cloud? Share your experiences