Security in the Cloud
Cloud computing promises to reduce IT costs and simplify everyday technology tasks. A host of new technologies can keep data and applications secure.
November 14, 2011
Cloud computing – defined largely as delivering applications and IT services to enterprises and consumers over the Internet – is transforming the way companies conduct every aspect of their business.
The global market for cloud computing will grow from $40.7 billion in 2011 to more than $241 billion in 2020, according to an April 2011 report from Forrester Research titled "Sizing the Cloud." Of that amount, the "public cloud" -- or applications and services offered to businesses and consumers via the public Web -- will grow from $25.5 billion in 2011 to $159.3 billion in 2020. With so much potential profit at play, hundreds of public cloud companies have sprung up, roughly divided into four main sectors: infrastructure-as-a-service (IaaS); platform-as-a-service (PaaS); software-as-a-service (SaaS); and business processes-as-a-service (BPaaS).
For enterprise and consumer users, cloud computing promises to reduce IT costs and simplify everyday technology tasks--from file sharing and storage, business processes, and collaboration to entertainment and social networking. You simply log onto the service via a Web browser and everything is transacted, analyzed and stored on a server far, far away. But the magic of the cloud also presents a major threat: potential security breaches.
"So far, there have not been any large security breaches in the cloud, but they will occur, it's just a matter of time before hackers gain access to the goldmine of data and applications stored in the cloud," said Richard Stiennon, a contributing analyst at GigaOM Pro and founder of security research firm IT-Harvest.
Half the organizations not adopting cloud computing cite security as the main reason, according to the Forrester report. While organizations are most concerned about data protection, system integrity and availability, they are also worried about application security, proper monitoring and auditing, oversight and compliance.
"The level of security you get in the cloud depends on the service you consume, for example, SaaS provides very robust security at the application level, while IaaS makes the user much more responsible for defining and implementing their own security requirements," said Tony West, vice president and CTO of Connected Architecture at Cisco. The company has developed a security architecture to meet the needs of "borderless networks" in the cloud.
Large cloud service providers such as Amazon, CSC, HP, IBM, Salesforce.com and Verizon Business have built robust security mechanisms -- offering both application-level security as well as firewalls and encryption at the infrastructure level. These service providers store petabytes of sensitive data in the cloud and have so far suffered no serious security breaches.
Meanwhile, security software companies have created firewalls and encryption that companies can deploy on top of any cloud-based services they use. Layer 7's CloudSpan CloudProtect and Managed Methods' JaxView for Cloud Management are two of the cloud-focused security solutions on the market, while companies such as Altor Networks, Catbird Networks and Reflex Systems have adapted their data center security products to run in cloud environments.
Most cloud security solutions have shifted from protecting corporate networks using firewalls to instead securing point of access via a combination of firewalls and user-level encryption -- so no matter which device someone uses to log onto the cloud, their communications, downloads and uploads are protected.
For example, the Cisco cloud security architecture allows organizations to set up sophisticated security parameters at the user level. A Cisco report states that a company could create a policy such as "the VP of sales can access the global sales forecast, but if she is seeking access through a smartphone in China using an unknown protocol, and meanwhile she already authenticated herself through the main campus in California two hours ago, this connection is invalid."
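The policy quoted above combines an entitlement check with context checks on protocol and location history. The sketch below is an added illustration, not Cisco's code or product configuration; the entitlement table, protocol allow-list, speed and distance thresholds, and coordinates are all assumed values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# All values below are assumptions chosen for illustration.
ENTITLEMENTS = {"vp_sales": {"global_sales_forecast"}}
KNOWN_PROTOCOLS = {"https", "ipsec-vpn"}
MAX_TRAVEL_KMH = 900.0   # about airliner cruising speed
MIN_TRAVEL_KM = 50.0     # ignore small location jitter

@dataclass(frozen=True)
class Context:
    when: datetime
    lat: float
    lon: float
    device: str = "unknown"   # recorded for audit, not used in the decision
    protocol: str = "https"

def km_between(a, b):
    """Great-circle (haversine) distance between two contexts, in km."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def evaluate(role, resource, request, last_auth=None):
    """Return (allowed, reasons); any failed check denies the connection."""
    reasons = []
    if resource not in ENTITLEMENTS.get(role, set()):
        reasons.append("role not entitled to resource")
    if request.protocol not in KNOWN_PROTOCOLS:
        reasons.append("unknown protocol")
    if last_auth is not None:
        dist = km_between(last_auth, request)
        hours = (request.when - last_auth.when).total_seconds() / 3600
        if dist > MIN_TRAVEL_KM and (hours <= 0 or dist / hours > MAX_TRAVEL_KMH):
            reasons.append("implausible travel since last authentication")
    return (not reasons, reasons)

# Constructed sample: campus login in California, then a request from China two hours later.
T0 = datetime(2011, 11, 14, 17, 0)
CAMPUS = Context(T0, 37.41, -121.93, "laptop", "https")
ABROAD = Context(T0 + timedelta(hours=2), 39.90, 116.40, "smartphone", "unknown-tunnel")

if __name__ == "__main__":
    print(evaluate("vp_sales", "global_sales_forecast", CAMPUS))
    print(evaluate("vp_sales", "global_sales_forecast", ABROAD, last_auth=CAMPUS))
```

Returning the list of failed checks alongside the decision gives monitoring and audit tooling the reason for each denial, not just the outcome.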
Another way to secure cloud data is to deploy a gateway encryption device that sits inside a company's network. Cloud Passage is one of a few new cloud-only security startups that offer such devices--encrypting all company data when it's uploaded and downloaded from the cloud. GigaOM Pro's Stiennon says these technologies, as well as offerings such as Trend Micro's SecureCloud identity-based encryption product, are promising because fully-encrypted data is much harder for malicious hackers to "see."
"Security vendor strategists are finally turning their attention to securing broader IT application and data workloads as these migrate from corporate data centers into managed cloud services," according to the Forrester report. "This shift, from security in the cloud to security of the cloud, marks the beginning of a significant and sustained transformation for the IT security market."
We welcome the re-use, republication, and distribution of "The Network" content. Please credit us with the following information: Used with the permission of http://thenetwork.cisco.com/.