Profile Facebook Twitter My Space Friendster Friendfeed You Tube
Kompas Tempo Detiknews
Google Yahoo MSN
Blue Sky Simple News Simple News R.1 Simple News R.2 Simple News R.3 Simple News R.4

Friday, February 11, 2011

Trusting Security To The Cloud - How Online Services Can Answer The Security Call

article it, webmaster
Amid the burgeoning realm of cloud computing dwells an ironic twist. While security concerns continue to scare off some companies from using cloud services, others have launched headfirst into the cloud, but customers aren’t just using these technologies to handle computing loads, communications, and expanded storage requirements. An increasing number of organizations now trust their security itself to the cloud, enticed by extensive flexibility and significant potential for cost savings.


The concept of outsourcing security is nothing new. Over the past decade, businesses have progressively moved toward outsourced options to handle not only basic firewall and anti-malware needs, but also content filtering, intrusion detection, and other security tasks. Now that the cloud is enjoying top billing as a can’t-miss IT trend, Internet-based outsourced security is garnering more attention from companies both large and small.

Security’s Silver Lining
Although security remains a chief concern for many customers considering cloud offerings, using the cloud itself to secure information is an undeniably attractive option to more organizations than ever. According to a CompTIA (www.comptia.org) cloud computing study published in September 2010, 28% of organizations currently use cloudbased security offerings, while 35% plan to use them in the following 12 months.

Behind this growing push toward cloud security are benefits similar to those offered by other cloud services, says Todd Thibodeaux, president and CEO of CompTIA. These include not only the reduction of capital expenditures for security solutions, but also lower costs on their continuous operation, management, and maintenance. Further, Thibodeaux says, cloud-based solutions ultimately supply organizations with increased time and resources to focus on their core business.


“Many businesses, especially in the SMB market, can’t afford the overhead that is required by maintaining an effective in-house security team,” adds Fred Touchette, senior security analyst with AppRiver (www.appriver.com). “The costs of training, continuing education, and hardware add up quickly. A cloud based security service can supply these features by professionals who specialize in what they offer.”


Cloud-based (or hosted) security services target a wide range of threats and are designed to seamlessly integrate with existing IT infrastructure. Examples of products include email security, firewall management and monitoring, Web-based protection for both company Web sites and employees browsing other Web content, Wi-Fi monitoring, encryption, malware protection, content filtering, spam protection, IP and URL logging, packet inspection, and even social networking monitoring and protection.

Because these solutions are based in the cloud—that is, on the provider’s premises—they don’t require maintenance from the customer’s in-house IT staff. All updates and patches are handled by the cloud provider, so companies won’t need to worry that non-security IT issues are spawning update delays that might result in critical breaches. Most cloud providers require some initial installation of server and/or client software, but from there, the dirty work is handled by the provider. Depending on the customer’s needs and requirements, certain levels of customer-based administration are typically available so that changes to the service can be made on the fly when necessary.

“Outsourcing security has been a growing trend, and one that isn’t all that surprising, as evidenced by growth in the managed security service provider market,” explains Urvish Vashi, vice president of marketing for Alert Logic (www.alertlogic.com). “At the same time, cloud-based, or software as a service, delivery is increasingly the norm. The biggest accelerator of this trend is increasing utilization of outsourced infrastructure hosting providers. As customers become more comfortable moving their overall infrastructure outside of their four walls to a hosted service, we see even more companies expecting security services to be available as part of what they get from their hosting service provider.”

When Clouds Turn Dark
The typical cloud security customer is looking to save time and money and avoid hassle on IT security, which grows ever more complex as companies continue to become more mobile and delve into areas such as social networking. And yet, just as managing security in-house comes with its own set of risks, trusting security to the cloud also entails risks and complications. According to Touchette, some of these risks derive from the same denominator shared by other cloud services: the network.

Cloud security services rely on the Internet to successfully monitor and manage both on- and off-premises customer assets, such as desktop and laptop computers. If the network connection between any of those assets and the cloud provider isn’t available, the provider generally is unable to carry out those tasks. The same situation and risk exists for other cloud services; for example, if a company stores files on a cloud storage service, it won’t be able to access those files if it can’t access the online service.

The downfalls of outsourcing security to the cloud don’t end with potential network perils. For many companies, security is an intimate process that’s tightly intertwined with the business and its overall goals. Each company has its own set of unique requirements, including staff that handles varied sets of data and company information, as well as equipment that might not fare well under a one-size-fits-all security solution. Whether an IT department is staffed by dozens of employees or just one, it’s that staff who knows these requirements best. As such, ineffective communication between the cloud provider and the IT staff—as well as the business staff—at the outset of a cloud security implementation could spell trouble in the future.

Companies with existing IT security staff can also encounter backlash when they reveal plans to outsource certain (or most) security functions. Even if the intention is to offload excessive work, many IT personnel understandably feel committed to their security environments and might be reluctant to hand over the reins to a third party. These delicate issues drive home the need for companies to thoroughly research cloud-based security providers to ensure a proper fit with their existing environment, including a provider’s ability to recognize and handle concerns.

“From the provider’s perspective, there are obstacles to overcome with customers who are reluctant to outsource their security requirements. These factors include a preference for relying on internal IT staff; concerns about cost; privacy concerns with turning over security to an outside firm; and a general lack of awareness of the capabilities of a cloudbased IT security service,” Thibodeaux says.

Careful Cloud Approach
Trusting security to the cloud doesn’t need to be an all-or-nothing decision, because most hosted service providers offer packages that target specific data or communication types. For example, Trend Micro offers separate services for email security, Web site security, and endpoint security that protects desktop and laptop computers. If your company is already set in those areas, you can also find more specialized services, such as Paetec’s Network Firewall service, which also includes the option for adding on intrusion detection and intrusion prevention technology. But finding the right product and provider for your environment nonetheless requires some legwork.

“Companies must have a firm grasp on what their security and compliance mandates and goals are, along with what are their overall infrastructure plans,” Vashi says. “Both are critical inputs to evaluating any security plan, whether cloud-based or not. Any security solution under consideration must give you the flexibility to make the infrastructure decisions you need. Security needs to support the infrastructure plan and not hinder it. The trend with infrastructure is clearly to begin moving part of that infrastructure to hosting environments.”

To successfully engage in that trend, companies need to retain a comprehensive view of their security and compliance positions for any security tasks that are moved to the cloud, Vashi adds. This means that the selection and evaluation of a cloudbased provider should ensure that the provider can address your needs regardless of how you deploy your IT infrastructure. Indeed, because this is security that’s moving to the cloud, steps must be taken carefully and deliberately on the way there.

“Should [a] business outsource intrusion detection or antivirus monitoring responsibilities to a third-party provider, the business needs to make sure the provider is credible and capable of meeting the business’s expectations and requirements,” warns Josh Zachry, associate director of research operations for The University of Texas at San Antonio’s Institute for Cyber Security. “Most of all, the business needs to make sure that it is comfortable with the level of risk it is accepting by outsourcing those responsibilities to a third party provider. This is probably the most important thing that any business can do to help itself. If it’s not in black ink on a signed contract agreement, the business is ultimately liable.” ▲



article by : Christian Perry

Related Post:

Widget by [ Iptek-4u ]

0 comments:

Post a Comment

 
Copyright © 2010 - All right reserved