7/27/2019 Countering Customer's Cloud Security Concerns

1/2

Countering Customers Cloud Security ConcernsBy Sanjay SrinivaSan, TeleSphere CTO

july 5, 2012

The orecast or cloud security should read sunny and clear but enterprises looking to adopt cloud-based ITand communications services continue to deal with uncertainty about whether the services they receive and,more importantly, any o their content is truly secure. They certainly recognize all the other business beneftso cloud based services (including but not limited to access to services and inormation wherever you are,business continuity in the event o a disaster, opex vs. capex and others) but balk at signing on until they arecomortable that the services are secure. This provides a great opportunity or service providers to dierentiatethemselves rom others in the area o cloud security using a combination o technology, messaging andmost importantly education about cloud security. It is the authors opinion that FUD is probably the biggestcontributor to an enterprises insecurity about cloud security. The remainder o this article outlines somestrategies to use to overcome objections about cloud security.

The list o strategies actually begins with an observation: The very same decision makers that struggle withthis question or their businesses use cloud-based services in their personal lives and do so with some o theirmost critical private inormation online banking is an example. Consumers believe this to be secure and thatbelie is not coming rom them having any deep dive into the banks cloud design that belie may largely becoming rom the act that the banking industry is regulated and that someone else is ensuring that everythingis secure. As we look into this deeper, it will be apparent that third-party testing, certifcation and compliancewill be a key strategy toward overcoming objections.

Many enterprises believe that their computing or communications is more secure when it remains entirelyon their premises or i they build a private cloud. While it is technically easible or enterprises to designa solution that is secure, the operational aspect o the IT and communications services over time result insecurity becoming increasingly lax. This degradation oten comes rom process engineering ailures weakpasswords, password change policies that were strong when they started but succumbed to user pressure andeased up on the policies, amongst others. Enterprises in the SMB sector oten do not have the budgets and theresources to ensure that security practices are being stringently ollowed; in act they may not even know thatthis is not happening, as there is no ormal audit process in place. By comparison, service providers can oercloud services that are built around stringent security requirements including ongoing compliance audits andreports.

BUSINESS COMMUNICATIONS. SIMPLIFIED.

FeaTured in:

www.TELESPHERE.com | CALL 888.MY.SPHERE (697.7437

7/27/2019 Countering Customer's Cloud Security Concerns

2/2

Service provider clouds are typically better at balancing security and usability. The easiest way to secure aprivate cloud is to lock it down like Fort Knox. Even that strategy can backfre i employees get rustrated andlook or ways to circumvent security just so they can get access rom wherever they are, including their homeofce, hotel room and airport lounge. The service provider architecture, on the other hand, has to be designedor a Fort Knox-level o security and access, and they are in a better position to establish points o presencewherever their customers are. Economies o scale have a big bearing on security as well; providers are able to

spread the cost o the technology, process, people and systems across their entire customer base. In contrast,the enterprise is limited by its size; any extra cost must either make its way into their pricing or cut in to theirproft margin neither being a desirable outcome.

Hackers are almost always a step ahead o the enterprises in discovering and exploiting security loopholes.The typical enterprise does take the normal step o protecting the network using frewalls, intrusion detectionand prevention services and similar appliances and services. However, that is only step one in securing theenterprise. It is critical that the enterprise is plugged into the world o hackers to stay current with, i notahead o, what is happening in the hackers domain. I the enterprise gets disconnected rom this, they willalso miss notifcations about new threats and how to protect against them. They may certainly think aboutoutsourcing the Security Operations Center unction o their organization but that very thought process should

also set them thinking about why they would not move relevant portions o their IT and communicationsinto the cloud with a service provider that is in act plugged into the hackers ecosystem 24/7. Once againeconomies o scale play a pivotal role in enabling the service provider to be in a better position in stayingabreast or ahead o the hackers. Service providers may use inormation they have learned about threats acedby a set o their customers and apply protection against such threats to their entire base o customers.

Service providers also can leverage the concept o standards to their beneft in the area o cloud security. Theyare plugged into the security standards ecosystem and oten guide the development and evolution o thesestandards. As such they are early adopters o these standards. Having been involved in this eort early letsthem properly budget or these costs a typical enterprise only hears about these developments much laterand that may potentially delay adoption as their IT team needs to learn about the change and then fgure out

how to budget or any additional costs.

www.TELESPHERE.com | CALL 888.MY.SPHERE (697.7437

BUSINESS COMMUNICATIONS. SIMPLIFIED.