Enterprises starting to trust cloud for more sensitive apps

Traditional and conservative types of companies are venturing into the cloud to carry out complex processes

Trusting the cloud to handle sensitive transactions and security services isn't for every enterprise, but organizations from banks to app developers are starting to give it a try.

Gartner predicts the global cloud computing market will grow 18.5% this year to $131 billion, with business process-as-a-service accounting for the biggest chunk of that at 28%. According to Gartner's numbers, management, security and automation accounts for just 2.8%.

Even more traditional and conservative types of companies, such as banks, are venturing into the cloud to carry out complex processes that, in some cases, they find they can do far more efficiently outside of internal data centers.

[ FAQ:What you need to know about cloud computing's hidden tax hit]

Take TD Bank, for example, which like all banks has the legal obligation to process e-discovery requests related to any civil and criminal case in which bank records or email are needed. Dera Nevin, the managing counsel for e-discovery there, says she's found a cloud-based e-discovery system has been a huge advantage over trying to run an in-house application to do this.

"Our IT systems were not designed with e-discovery in mind," says Nevin. She points out that e-discovery involves complicated searches to ferret out exactly the right financial information that lawyers approaching the bank need to represent their clients in civil or criminal cases that might involve everything from arbitration to regulation to criminal subpoenas to matrimonial disputes.

By adopting Catalyst Repository Systems as a cloud-based service where documents are uploaded and then sorted through, the e-discovery process scales up much better than it did trying to sort through documents directly inside the bank's various locations, Nevin says.

"This platform is designed to take disparate file types and normalize them," Nevin says. TD Bank has literally "petabytes" of data that need to be searched for e-discovery and the cloud-based service has fine-grained searching mechanisms that make the process go faster and more smoothly for the bank's staff, Nevin says. TD Bank first uploads large volumes of data to the cloud service and then proceeds with the search.

Security in the cloud

Turning to outside vendors for security help is also a choice some companies are making when it comes to the cloud.

Atlanta-based PGi is a large provider of Web-based collaboration services available to mobile and desktop, a $525 million business operating in 25 countries with 45,000 enterprises customers. Sean O'Brien, executive vice president for strategy and communications, says his company has turned to the cloud for many types of services, including those from Salesforce, ServiceNow and Amazon EC2. To guard its collaboration service and its own internal network, PGi elected to have Symantec monitor and handle security issues that might come up.

The Symantec managed services are broad at PGi, relying on Symantec sensors that monitor traffic such as what two-factor network authentication is occurring, or picking up information directly from Symantec Endpoint Protection software on the desktop, sending security-relevant information to Symantec's cloud-based security and information management service. It's a log collection platform that collects data associated with servers, applications, firewalls and IPS, for example, so it can be immediately analyzed in the Symantec Security Operations Centers on a round-the-clock basis. O'Brien says this is a partnership model that the company needs on a global basis.

Like any business, PGi faces cyberattacks, particularly from fraudsters that try to break in, sometimes thorough customer networks.

"The occasional problem is inevitable," says O'Brien, noting fraudsters will try to hack into the network if only to try stealing telephone bandwidth to try to make calls to unlikely locales like Nigeria. Symantec has proven effective in monitoring to cut that kind of attack off at once, and also guards PGi's internal corporate network from problems such as malware.

Other companies say they've grappled with making choices about what cloud infrastructure as a service would suit their needs.

Baltimore-based Social Solutions, which makes applications used by thousands of public and nonprofit social service organizations, had been hosting these applications in an internal data center. But the company found it was hitting scalability issues.

Adrian Bordone, co-founder and vice president, says the 130-employee company considered using Amazon and Rackspace to run its applications, but in the end went with what SunGard calls its Availability Services and Cloud Services for a number of reasons.

SunGard's approach includes managed security for intrusion-detection and prevention as well as disaster recovery, high availability and multi-site failover. This carried weight not only with Social Solutions, but with its customers who are "risk averse," Bordone says. Since the shift to SunGard, there have simply been no significant problems over the past few years, says Bordone. "We've had zero downtime," he says.

Shifting from an in-house data center to cloud IaaS had to be considered from the regulatory viewpoint as well, Bordone says. Rules in Canada, for example, require that Canadian health and human services agencies that are publicly funded keep data within the country's borders. So Social Solutions uses SunGard's Toronto-based facility to provide applications to its Canadian customers, and sticks with the Philadelphia-based SunGard facility to serve U.S.-based customers.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email:

Join the CSO newsletter!

Error: Please check your email address.

Tags symantece-discoveryTD BanksecurityCloudcloud securityForensicscloud computinginternetGartner

More about Amazon Web ServicesBaltimoreGartnerIDGIPSRackspaceSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place