Security in the Cloud

While the concept of cloud computing (accessing applications online) has been around for close to a decade, talks on the subject have intensified significantly in recent months. The catalysts to these discussions range from the sharp decline in hardware and network infrastructure costs to the desire for a business to 'go green' to the need for accessibly by an increasingly distributed workforce. Whatever the reason, big business has taken notice and as this interest turns into action, these companies must be prepared to look at all of the key issues around this move before taking action.

What we are seeing today is a growing wave of interest from businesses in deploying a company-wide cloud computing model. In fact, InfoWorld predicted earlier this month that 'the high cost of power and space is going to force the IT world to look at cloud services, with a shift to computing as a cloud resource occurring in the next five years.' The author goes on to predict that the 'emergence of cloud computing will reduce the need for computing at the enterprise level.'

Few people question that cloud computing will bring an array of benefits to businesses, many which have been touched on above. The issue as I see it is that for those businesses looking to the cloud, many are not easing in with their eyes fully open but rather are jumping in head first -- as a result, they are forgetting to weigh all key areas ahead of time, specifically those on the security side. A perfect example involves strong authentication.

Strong authentication solutions are essential for businesses looking to safeguard their company assets against unauthorized access. For those businesses leveraging a cloud computing model, a major selling point is that employees can access critical applications from virtually anywhere while the company saves bundles of cash on infrastructure and maintenance costs. The issue is that it once you are in the cloud the risks of protecting your systems from unauthorized access grow dramatically.

Since the clouding computing model creates new wave of challenges for the security team, I assumed that these folks are highly involved all discussions. What surprised me is that in many instances this is not the case. What I have witnessed is that businesses are shutting the security teams out of the discussions altogether and are instead focusing almost solely on architecture. The security team is eventually brought into the discussions but in many instances the team is literally forced to participate. This is a major oversight that could potentially have significant ramifications down the road.

Strong authentication is a vital element to protecting a business's assets from unauthorized attacks and the need for these solutions only grows when a business shifts to a cloud computing model. As a result, for those businesses preparing to transform to the cloud model, the security team must be a central participant in the discussion from the very beginning. By including them in the process and making them a part of the plan at the initial planning stages, businesses will be able to ensure that operating in a cloud doesn't mean they are flying blind.

-David