Securely Leveraging the Cloud

Cloud computing, that much touted game-changing technology for the enterprise, has been the focus of many IT forums and seminars in recent years. And interest in it continues to grow as a number of companies are now claiming that it has helped them improve their efficiency while allowing them to save on costs. But despite the hype that surrounds it -- which has made cloud computing the biggest buzz word in the tech arena today -- there are issues that have yet to be settled and clarified with regards its true worth.

Having a nose for the next big technology or killer app is, of course, a requirement for CIOs and IT managers wishing to go up the competitive ladder. And while cloud computing is being hyped as one of those technologies that can do wonders for a business, many are still reluctant to jump on the bandwagon.

For companies, security remains a top priority. With the continuous growth of data within enterprises, and their ready accessibility via the Internet, an easy-to-scale solution like the cloud is definitely an answer. But some questions remain: Is moving up to the cloud a truly safe journey? How can businesses join the bandwagon without the risks?

For its April 2013 Executive Briefing, Computerworld Philippines invited some of the country's experts in the cloud computing space to explain what this technology really is, and how businesses can leverage it to reap its benefits without too much worry.


John Alabastro, president and director of Pan Pacific Computer Center Inc., and CIO of House of Investments, described cloud computing as a catalyst in the sense that it is a type of service that enables companies to rely "on sharing computing resources" instead of having local servers to handle applications.

For his part, Drexx Laggui, principal consultant at Laggui & Associates, admitted though that "a lot of people have different definitions for cloud computing." Citing Facebook as one cloud-based utility that both public and private institutions use for marketing and public service purposes, he said the cloud is "a computing model that defines what we want and what we need.".

Depending on the particular need, infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS), are the three most utilized service models that businesses can easily get from cloud service providers, Laggui said, adding these models provide business with a good alternative to purchasing hardware, licenses, and applications.

For business executives who constantly worry about allocating hefty funding to put up an agile IT infrastructure, cloud is definitely an answer. "It's on demand, [and it allows] faster time to market because you don't need to pay for anything to be installed or set up," Jose Niño Valmonte, marketing director at IP Converge, pointed out. "Normally this is on an OPEX (operating expense) model" and you can "expand as much as you like anytime you want."

It also reduces maintenance and upgrading needs by 20%-25% compared to the traditional setup, added Alabastro.

And because it's a pay-as-you-go service, Laggui underscored the fact that users can "get the service automatically without the human interaction."

In view of the IT teams' daunting multitude of tasks, utilizing the cloud can actually allow them to focus on more important projects that may have been shelved because they had to closely monitor traditional data centers.

Even Louis Napoleon Casambre, an undersecretary of the Department of Science and Technology (DOST) and executive director of the Information and Communications Technology Office (ICTO), a DOST agency that is currently developing a government cloud through the Integrated Government Philippines project, sees huge advantages in going to the cloud.

"Cloud computing is already in full swing," he said. "SMEs (small and medium enterprises) can now have access to enterprise-grade technology at a fraction of the investment cost, allowing them to compete with the big players."

Many underlying technologies being utilized today attest to how crucial cloud computing has become for today's businesses. Mobile network firm Ericsson said that today, the mobile subscription base has blown up to 6.3 billion users, and applications downloaded have already reached 48 billion. In addition, the company foresees that there will be 50 billion connected devices by 2020.

Mobility has further fueled the clamor for cloud computing, as it continues to change the way people work. For businesses, the cloud "offers a new variety of services," noted Elie Hanna, president and country manager, Ericsson Philippines & Pacific Islands.

Valmonte acknowledged this, and cited a study by Internet World Stats which showed that the Philippines, with 33.6 million Internet users, is among the top five countries in Asia when it comes to the number of Internet users. Citing a forecast by research analyst Gartner, he said the Philippines, along with its neighbors, will bring about a 22% increase in cloud adoption in the region by 2013.


But if cloud computing is so ideal for business, why is the Philippines still lagging behind its Asian neighbors in cloud adoption?

"Security is the major concern for those doing cloud," answered Alabastro.

"It is only natural for companies to be wary of their data being in someone else's hands, likewise with company data traversing the internet, there is also a chance that it can be intercepted," Casambre pointed out. "This is particularly true with extremely sensitive data such as that from the government and financial institutions."

However, he noted that "measures can be put forward to minimize the effects of the risks."

For companies who are just starting to utilize the cloud, Alabastro advised that they should carefully prepare the infrastructure. "Once you go cloud, you will be very dependent on the Internet," he noted. "You need to have a redundant line." And to make it less complicated, when starting in the cloud, it's a must "to start with the least risk approach," he added.

This means starting with non-core applications like email and small business apps, and using standalone systems. "When you start with a core application and it goes down, your company will suffer," he said.

"You put in the cloud only stuff that can have a moderate impact on the organization; it may not be prudent to put in the cloud [those that can have high impact on operation]," noted Laggui.


One of the most crucial steps in making the migration to the cloud a smooth-sailing journey as the business scales up is vendor selection. "Never choose a vendor based on cost alone," Alabastro said. Businesses, he noted, should look at "how long they respond" and should "make sure they are dealing with a reputable one."

The business should have a "well-defined" service level agreement (SLA) with its cloud service provider that works for both parties, said Laggui.

And in short listing prospective cloud providers, businesses must also "keep tabs on the data for your cloud services and where they reside," Casambre pointed out. "The Data Privacy act of 2012, likewise provides the legislative and regulatory support to ensure that sensitive data located in local servers are protected under the law."

But it doesn't end there, he warned, as the law can only protect so much. Businesses should also have their own policies internally, and inform employees of the effects of misusing these technologies.

"They should know what is the cloud," Alabastro said. This will help employees "determine what's best for the company."

Cloud is undeniably an attractive option for businesses, and Valmonte even said that there are now around a million installations of cloud services every year. But despite this fact, businesses should not simply join the bandwagon for cost-efficiency or competition's sake. Like any technology, the cloud needs a full understanding in order to be successfully implemented with less worries, and, more importantly, fewer security risks.

For a cloud implementation to succeed, Alabastro said businesses should make sure that they have a long-term goal in mind and evaluate the cloud solution properly by getting help from the company's different departments that can give vital insights on the proper implementation based on the company's needs.

Join the CSO newsletter!

Error: Please check your email address.

Tags securitycloud computinginternet

More about Department of Science and TechnologyEricsson AustraliaFacebookGartnerInc.Internet WorldTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Phoebe Magdirila

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place