So the borderless network is a way to access cloud resources?
The proliferation of applications available as a service has created a demand to access them. The challenge for IT departments is: How do you protect those resources? I believe the only way is to embrace this paradigm and leverage vendor capability.
Can vendors do a better job protecting data than the companies themselves?
Let’s look at the realities of data security in this new world. The most famous breach of this decade did not come from a hacker trying to break through a firewall. The data on WikiLeaks came from a company insider downloading information onto a thumb drive and handing it off to Julian Assange. The easiest way to get information is to get someone on the inside to give it to you. But, the vast majority of companies don’t have the resources, time, money and skills to protect against things like this. Cloud vendors are better at protecting information than most companies that do it themselves.
How are cloud vendors better at security?
There are five major areas where I see cloud vendors doing a better job at protecting a company’s resources:
- Platform strength: To be competitive, cloud computing vendors must have platforms that are more uniform than those of most corporate computing centers. This uniformity facilitates platform hardening and enables better automation of security management activities like configuration control, vulnerability testing, security audits and security patching. Also, cloud providers usually meet standards for operational compliance and certification, in areas like health care (i.e., HIPAA) or finance (i.e., PCI DSS).
- Data is stored in a single location: Most companies these days have a mobile work force and data can be dispersed on laptops or other devices, making it vulnerable to theft or loss. With the cloud you don’t have to worry about this. Data maintained and processed in the cloud is stored in one location and securely accessed from anywhere, making it less prone to data loss or theft.
- Better staff knowledge: Because they only focus on one thing, cloud providers train their staffs to specialize in security, privacy and other areas of high interest and concern to an organization. Through increased specialization, staff members can gain in-depth experience, take remedial actions and make security improvements more readily than otherwise would be possible.
- Government-mandated security requirements: In a public market, the government imposes certain security requirements that vendors must meet. Cloud service providers are under considerable oversight and regulation by the government and other security authorities to ensure data privacy and security. Telovations, for example, must comply with annual government audits to ensure we have the proper procedures in place to protect sensitive information.
- Better backup and recovery processes: The backup and recovery policies and procedures of cloud service providers are superior to those of the business. They back up every night because they have to! Data maintained within a cloud can be more available, faster to restore and more reliable in many circumstances than data maintained in a traditional data center. For that reason, cloud services can also serve as an off-site backup storage for an organization’s data center, in lieu of more traditional tape-based off-site storage.
In summary, when you add up the advantages, one could argue that security in the cloud is better than on the premises.
MARK SWANSON is the CEO of Telovations, Inc. Reach him at [email protected].
