E-Guide CLOUDS ARE MORE SECURE THAN TRADITIONAL IT SYSTEMS -- AND HERE S WHY
P aranoia has crept into many organizations due to the cloud computing approach, and how it feels insecure with your data stored on servers and systems that you don t own or control. However, control doesn t mean security the physical location of your data matters less than the means of access. This e-guide points to cloud security research that highlights how clouds are generally more systems. Systems built without a strong security strategy won t be as secure, whether they are cloud or not. Learn 3 steps that will help you focus on a well-defined and executed security strategy with the right enabling technology. PAGE 2 OF 7
CLOUDS ARE MORE SECURE THAN TRADITIONAL IT SYSTEMS -- AND HERE S WHY A strong-held belief in traditional IT security over cloud is faltering as studies find that data location matters less than accessibility. I speak to many in traditional IT that I call the folded arms gang. These are IT executives who need to address the use of cloud computing -- typically because the CEO or their board of directors is demanding it -- but feel that cloud computing still has too many shortcomings. They want to hear about cloud computing, but they don t believe in its use. The good news is that the folded arms gang has lost many members as cloud computing proves its value. However, the argument around security and privacy issues in the cloud still comes up often. While there is a certain amount of emotion, and sometimes politics, at play, you must educate those in enterprise IT around the real issues and the real risks. Indeed, I ve been finding that clouds are more systems, generally speaking. According to Alert Logic s Fall 2012 State of Cloud Security Report, the variations in threat activity are not as important as where the infrastructure PAGE 3 OF 7
is located. Anything that can be possibly accessed from outside -- whether enterprise or cloud -- has equal chances of being attacked, because attacks are opportunistic in nature. The report further finds that Web application-based attacks hit both service provider environments (53% of organizations) and on-premises environments (44%). However, on-premises environment users or customers actually suffer more incidents than those of service provider environments. On-premises environment users experience an average of 61.4 attacks, while service provider environment customers averaged only 27.8. On-premises environment users also suffered significantly more brute force attacks compared to their counterparts. Clearly, there are myths that cloud computing is inherently less secure than traditional approaches. The paranoia is due largely to the fact that the approach itself feels insecure, with your data stored on servers and systems you don t own or control. However, control does not mean security. As we ve discovered in this report, and in incidences over the last several years, the physical location of your data matters less than the means of access. This is the case for both cloud-based systems and traditional enterprise computing. Moreover, those who build PAGE 4 OF 7
cloud-based platforms for enterprises typically focus more on security and governance than those who build systems that will exist inside firewalls. Systems built without the same rigor around security won t be as secure, whether they are cloud or not. So, the best practice here is to focus on a welldefined and executed security strategy with the right enabling technology. Don t focus as much on the platform. THE GUIDANCE I TYPICALLY PROVIDE INCLUDES THREE STEPS: 1. Understand your security and governance requirements for a specific system and/or data store. Many of those who deploy security around cloud or traditional systems don t understand what problems they are attempting to solve. You need to define those up front. 2. Understand that controlling access is much more important than the location of the data. Look at how the data is accessed, and look specifically at opportunities to breach. Again, most of the data breaches occur around finding vulnerability, no matter if it s cloud-based or on-premises. PAGE 5 OF 7
3. Finally, vulnerability testing is an absolute necessity, no matter if you re testing the security of cloud-based or traditional systems. Untested systems are unsecured systems. I suspect that we ll think differently around security and the cloud as we deploy more public cloud-based systems and data stores and the world does not come to an end. However, without the right amount of planning and good technology, cloud-based platforms can become risky. Same goes for your existing enterprise systems. No free lunch here. PAGE 6 OF 7
FREE RESOURCES FOR TECHNOLOGY PROFESSIONALS TechTarget publishes targeted technology media that address your need for information and resources for researching products, developing strategy and making cost-effective purchase decisions. Our network of technology-specific Web sites gives you access to industry experts, independent content and analysis and the Web s largest library of vendor-provided white papers, webcasts, podcasts, videos, virtual trade shows, research reports and more drawing on the rich R&D resources of technology providers to address market trends, challenges and solutions. Our live events and virtual seminars give you access to vendor neutral, expert commentary and advice on the issues and challenges you face daily. Our social community IT Knowledge Exchange allows you to share real world information in real time with peers and experts. WHAT MAKES TECHTARGET UNIQUE? TechTarget is squarely focused on the enterprise IT space. Our team of editors and network of industry experts provide the richest, most relevant content to IT professionals and management. We leverage the immediacy of the Web, the networking and face-to-face opportunities of events and virtual events, and the ability to interact with peers all to create compelling and actionable information for enterprise IT professionals across all industries and markets. PAGE 7 OF 7