No matter what type of organisation you work for, it’s hard to escape the cloud computing discussion. Cloud computing offers unparalleled advantages in terms of scalability and cost benefits, and there is no denying that it has changed the very nature of IT and the way use technology in business.
While the conversation is not new – as an industry, we’ve been talking about cloud for years now – we have seen a dramatic shift in attitude over the past 12 months in how people view cloud adoption in their organisation. As a country, we’re really starting to move from a ‘cloud last’ strategy to a ‘cloud first’ strategy.
Previously, the biggest concern for organisations looking toward the cloud, and as an unfortunate result, the largest inhibitor, was security. This concern could encompass everything from data security to privacy to data sovereignty and data jurisdiction; knowing exactly where data is physically located and how it is secured so that it’s not subject to foreign laws.
When Amazon Web Services opened a local data centre in November 2012, Australia gained access to a well regarded global player in cloud technology. The message of high availability and secure cloud offerings was well received and organisations are finding it an easier decision to move from their own physical data centre to the cloud.
Since then it certainly seems like the flood gates have opened. Thousands of Australian organisations have moved to local and global cloud service providers and many more are following suit.
At the same time, there has been a change in the type of customers wanting to go to the cloud. No longer is cloud computing the domain of nimble small businesses, but major Australian organisations are moving their production applications into the cloud.
With this comes the associated change in expectations about the security of the cloud, whether that be public, private or hybrid cloud environments. While security and perceived constraints need no longer be an inhibitor for organisations moving to the cloud, it is still vitally important and very much the enabling technology that makes cloud services secure and controllable. Organisations are finding comfort in a shared security responsibility model.
So what does this mean for Australian CSOs?
The hacking activity that was once centred on fame (or infamy!) is now about commerce, and organisations are being directly targeted. When your organisation is thinking about giving up some level of control, you really need to trust that the cloud environment will be at least as secure as your physical data centre, if not more secure.
It is a matter of looking at who holds the responsibility for delivering and providing operational management of security aspects in your cloud environment. Cloud offerings can address and manage the security context in line with the rest of your environment.
The best idea is to think of your server security holistically. Whether that is a physical server, a virtual server or a cloud instance, you should have the confidence that the same controls are in place.
Investigate an end to end security service capability that includes the physical, virtual, and cloud environments from a security context. Operational effectiveness and efficiencies come from those holistic solutions.
When building cloud infrastructure, it is important to consider the overall architecture and infrastructure requirements, and include security as a core component of that infrastructure. In the end what you want is secure applications and data on top of a very secure infrastructure platform.
Trust is an enormous factor when moving to the cloud, so working with known players on all levels of your cloud environment offers confidence not only to you and the IT department, but to the wider business and management team whose commitment can sometimes be tentative when it comes to security.
Data encryption is becoming increasingly important as data is being pushed from the controlled internal infrastructure to infrastructure where location, security, and privacy are based largely on contracts. Use data encryption in the cloud context, with localised key management.
As shadow IT begins to gain prevalence, many organisations may face a security challenge similar to that of BYO devices. CSOs must work with their IT departments to understand why users are accessing technology outside the secure boundaries of IT and then provide a way for users to get the resources they need quickly and easily, decreasing the temptation to circumvent existing secure infrastructure and applications. An effective cloud management platform can provide users with access to the public cloud for appropriate workloads while maintaining visibility, management and control over public cloud services.
Cloud security is really about technology integration. Take advantage of autoscaling and make sure that you can make that move to the cloud confidently. Developing the right security infrastructure makes it possible for businesses to securely move to the cloud and reap the benefits that cloud computing brings.
Sanjay Mehta is the managing director of Trend Micro in Australia and New Zealand. See: www.trendmicro.com.au.