Protect

There’s More Than Hype Behind Cloud Security Concerns

Print
Check out this page on Dell.com! Email
Rate
1 out of 5
2 out of 5
3 out of 5
4 out of 5
5 out of 5

By: Keith Ferrell (10/21/2010)

It's hard, in today's threat environment, for me to imagine any security concern being over-hyped (although others have different opinions about this). Then again, I write about security issues, so maybe I'm part of the problem. I don’t think that’s the case, however, so let’s take a closer look at this question. Certainly the growing concern about security in the cloud — and particularly security issues around cloud-based business service providers — isn't a question of hype. It’s a matter of due diligence in coming to terms with new(ish) technologies. Part of this heightened concern stems from the ""Willy Sutton Syndrome"" — when asked why he robbed banks, the famous criminal simply replied, “Because that’s where the money is.” The cloud is where the money (including the banks' money) increasingly resides today, and that fact is attracting more and more attention from cybercriminals. This increased criminal presence — and other varieties of malevolence — is already all too familiar to enterprise IT professionals. Things are bad out there, and they’re only getting worse as criminals use new attacks, new attack vectors, and whole new attack strategies. All it will take to undermine confidence in the cloud is one innovative and unexpected breach of a cloud provider's security in a major, headline-grabbing way. I think it’s hard to overhype this threat in an environment where some experts already assert that nothing can be considered “trustworthy” any longer when it comes to ensuring IT security. The difference with the cloud — whether it involves software, platform, or infrastructure services — is that you are ceding control over your business data, and thus your business assets, to outside entities. On one level, there’s nothing new about this: Every enterprise already outsources all manner of services, from IT to custodial support. Yet there’s a level of familiarity and transparency to other forms of outsourcing that cloud providers haven’t yet achieved. That’s a huge concern when a company is pondering how much control to cede over its most valuable data assets. The best providers of cloud services know this; their aggressive approach to addressing security concerns is perhaps the best indication that this concern isn’t overhyped, and definitely cannot be overlooked. Nor will that focus on security concerns in the cloud go away: As early questions are answered and fears addressed, new ones will appear. That's the nature of the technology, whether it’s cloud-based or not, and it's the nature of our times as well. That's my take, at any rate. Considering the stakes for both enterprises and cloud service providers, I don't think it's an overreaction.

It's hard, in today's threat environment, for me to imagine any security concern being over-hyped (although others have different opinions about this). Then again, I write about security issues, so maybe I'm part of the problem. I don’t think that’s the case, however, so let’s take a closer look at this question.

Certainly the growing concern about security in the cloud — and particularly security issues around cloud-based business service providers — isn't a question of hype. It’s a matter of due diligence in coming to terms with new(ish) technologies.

Part of this heightened concern stems from the ""Willy Sutton Syndrome"" — when asked why he robbed banks, the famous criminal simply replied, “Because that’s where the money is.” The cloud is where the money (including the banks' money) increasingly resides today, and that fact is attracting more and more attention from cybercriminals.

This increased criminal presence — and other varieties of malevolence — is already all too familiar to enterprise IT professionals. Things are bad out there, and they’re only getting worse as criminals use new attacks, new attack vectors, and whole new attack strategies. All it will take to undermine confidence in the cloud is one innovative and unexpected breach of a cloud provider's security in a major, headline-grabbing way. I think it’s hard to overhype this threat in an environment where some experts already assert that nothing can be considered “trustworthy” any longer when it comes to ensuring IT security.

The difference with the cloud — whether it involves software, platform, or infrastructure services — is that you are ceding control over your business data, and thus your business assets, to outside entities. On one level, there’s nothing new about this: Every enterprise already outsources all manner of services, from IT to custodial support. Yet there’s a level of familiarity and transparency to other forms of outsourcing that cloud providers haven’t yet achieved.

That’s a huge concern when a company is pondering how much control to cede over its most valuable data assets. The best providers of cloud services know this; their aggressive approach to addressing security concerns is perhaps the best indication that this concern isn’t overhyped, and definitely cannot be overlooked.

Nor will that focus on security concerns in the cloud go away: As early questions are answered and fears addressed, new ones will appear. That's the nature of the technology, whether it’s cloud-based or not, and it's the nature of our times as well.

That's my take, at any rate. Considering the stakes for both enterprises and cloud service providers, I don't think it's an overreaction.