Cloud and Security Challenges

Cloud adoption is taking place in organisations of all sizes. Internal cloud systems are being built, public cloud services are being adopted and this creates new challenges for data centre managers. The results of a recent survey investigating the issues around cloud security highlight many concerns.

Given how simple it is for end users to take cloud services on board unilaterally, it is no surprise that a majority of survey respondents say it’s a challenge getting the chance to assess security before services are adopted. Similar numbers also report issues handling the compliance implications of inappropriate cloud storage (Figure 1).

Click on chart to enlarge

Figure 1

Part of the problem is visibility. Identifying who uses cloud services, and keeping track of what data is being stored and where online can be particularly difficult. Given the results are taken from a web survey which often attracts more experienced respondents, there is a good chance the true scale of the challenges could be even higher.

Altogether the survey shows there is a distinct lack of knowledge in many organisations concerning exactly how cloud systems are being used. It is no wonder that the widely acknowledged visibility and knowledge gaps make IT data centre professionals wary of indiscriminate cloud usage. In fact only a quarter of respondents in our survey believe they have complete or very good knowledge of cloud usage.

The implications are clear and add to the headaches data centre managers already have in relation to security and risk (Figure 2).

Click on chart to enlarge

Figure 2

Managing security and identities between in house systems and external cloud providers is another challenge for the majority, as is dealing with these same requirements across cloud systems provided by multiple different suppliers. Aggravating the problem, around two thirds highlight inadequacies in the tools they use for managing security in hybrid environments. It is also worth noting that similar numbers report skills or knowledge gaps in this area.

When it comes to strengthening their position, confidence in the solutions available on the market is holding many back, with few believing that the tools available to secure hybrid cloud environments are mainstream ready. It is clear that either vendors need to produce better offerings to help manage such environments or, if they have solutions, they need to let data centre professionals know about them. Possibly both!

Even where there are well established, mature security solutions, the survey reveals limited uptake and/or deployment in many cases (Figure 3).

Click on chart to enlarge

Figure 3

The fact that so many agree they should use the security tools already widely available on the market, or at least use them more than they already do, is both an indictment of how well IT vendors communicate through their marketing programs, but also an opportunity for them.

We also mustn’t forget that these solutions are complex to implement and are often dependent on sophisticated operational processes to keep them functioning effectively. The requirement here is to ensure that security tools are simple to acquire and administer.

But even getting better security tools is unlikely to fix every challenge. People and policy issues also need to be addressed. The results indicate this situation could prove problematic as almost two thirds report funding and resource constraints.

Pulling all this together, it is clear that the security challenges raised by cloud usage are understood, but there is no silver bullet to make life easier. Instead, some basic tools and operational processes must be put in place: find out what services are being used and what data is being stored in the cloud, and work out how best to secure it appropriately, potentially using established solutions such as encryption and DLP.

Along the way you also need to get executives up to speed where necessary on why action needs to be taken, and why budgets and resources need to be made available. Easier said than done, but something to tackle sooner rather than later as the longer you leave it, the more difficult your job will become. Business cloud usage is here to stay so we must focus on making it secure. Lack of visibility is no defence, even if the organisation has an aversion to ‘the cloud’. If something goes wrong. IT is likely to carry the can, and saying you didn’t know is unlikely to be seen as a reasonable argument.


Click here for more posts from this author

Tony is an IT operations guru. As an ex-IT manager with an insatiable thirst for knowledge, his extensive vendor briefing agenda makes him one of the most well informed analysts in the industry, particularly on the diversity of solutions and approaches available to tackle key operational requirements. If you are a vendor talking about a new offering, be very careful about describing it to Tony as ‘unique’, because if it isn’t, he’ll probably know.