Cloud-Based Security – New Capabilities for Traditional Businesses
Over the next two years, enterprises are well on their way to shifting a large part of their IT security initiatives to the cloud. A number of changes are underway in many key technology areas and are providing companies with secure email services, vulnerability assessment processes, secure web portals and gateways and the all-important area of identity and access control and management.
Consequent to these initiatives, the cloud security services market will probably see an increase of revenues to $4.2 billion. This increase and shift from the traditional on-premise security products to cloud based solutions is also being driven by difficulty in finding personnel with the qualifications to handle these issues. Professionals with such specialized skills are expensive to hire and retain and switching over to a cloud-based model provides one way out.
As is to be expected, secure e-mail is the most sought after service. Approximately 3/4 of the companies surveyed have said that this remains their topmost priority. Huge amounts of company secrets and information are buried in email archives and these need to be protected at all costs.
There are two more areas where cloud-based security products are seeing rapid growth.
Compliance
The first is regulatory compliance – By moving to a cloud-based security system, users are able to see reduced costs in areas of log management, security event reporting and ensuring compliance. A cloud-based security brokerage service becomes an important partner because companies are rightly worried about sending sensitive data to the cloud. This is even more critical where applications span multiple clouds and also need to interface with on-premise systems. Such complex structures cannot be handled without professional help.
Tokenization
The second area of growth is in the field of tokenization – A large proportion of cloud service users are already considering using tokenization as a service. Tokenization replaces sensitive data with a unique ID symbol. For example, once the company has been given your credit card details, it replaces the entire credit card data with an arbitrary string of alphabets and digits. For all future transactions which is called a ‘token’, it uses this token for all future transactions. This avoids sending sensitive personal data up and down the network.
Since the token is arbitrary and is not generated from the credit card details, there is no fear that an attacker can use the token to decipher the original details. This meets with the ‘payment card industry data security standards’ (PCI DSS). Tokenization also ensures that there is no need for encryption / decryption. Using such a system, the tokenization cloud service provider manages the actual sensitive data, while companies only work with the tokens. This greatly reduces the security overheads in software applications (think of medical data, financial data, social security records and so on).
While value-added retailers are offering security as a service and are taking over this critical aspect of operations, there should be no doubt about who is eventually responsible to the customer. To cite an example, GMO Cloud offers comprehensive security measures along with its cloud hosting services. If your company holds sensitive data, then the company is responsible even if it has downstream agreements with the security service provider. Therefore even though you may have outsourced your work, you need to audit your security processes frequently.
Be Part of Our Cloud Conversation
Our articles are written to provide you with tools and information to meet your IT and cloud solution needs. Join us on Facebook and Twitter.
About the Guest Author:
Sanjay Srivastava has been active in computing infrastructure and has participated in major projects on cloud computing, networking, VoIP and in creation of applications running over distributed databases. Due to a military background, his focus has always been on stability and availability of infrastructure. Sanjay was the Director of Information Technology in a major enterprise and managed the transition from legacy software to fully networked operations using private cloud infrastructure. He now writes extensively on cloud computing and networking and is about to move to his farm in Central India where he plans to use cloud computing and modern technology to improve the lives of rural folk in India.