When CIOs are asked about the barriers to their adaption of cloud computing, they name security issues more than any other. In fact there is a great deal of confusion and misinformation about security floating in the air around clouds. Some believe a secure cloud is an oxymoron. Others believe that a private cloud might be secure, but not public clouds or hybrid environments.
In fact, it is possible to make a cloud secure, but it requires thinking, a plan, and then a crisp execution.
IT organizations need to learn that before they consider security products they must first look at their workloads and identify the security requirements each workload needs. Not everything needs the protection of high level security controls.
Next, they must assess the risk culture of their organization. Some companies have a fairly laissez faire attitude toward their communications and intellectual property. Others think every single thing the company touches should have bulletproof security. Your organization is likely to come somewhere in-between – some communications and documents will need security in the cloud, perhaps even fairly high level security, others will need only the protection of a secure ID and password.
Then your architects can step in, and using the input you’ve created, design the security architecture. If this puts controls between users and their information, you may need to take time to build consensus for your plan.
IBM believes that after assessing a firm’s security needs it should be able to offer a complete security solution, fully integrated. This allows the customer to look at their unique cloud workloads and engage the appropriate security requirements based on their needs and culture. IBM’s highly modular security software lends itself well to this kind of Lego block custom assembly. IBM’s approach allows the customer to aggregate or blend IBM’s assets into a virtual solution package which aligns directly with their needs. This also enables IBM and its ecosystem to respond to market needs. On July 29, 2011 for example, IBM and Security First Corp, announced a joint development agreement aimed at delivering increased performance, security, and high data availability to storage and cloud-based computing customers. For more information refer to http://www-03.ibm.com/press/us/en/pressrelease/35157.wss
This approach to cloud security enables a security dialogue to take place, leading to greater customer satisfaction – when the mystery is taken away, it’s much easier to have a calm discussion of the limits of security for specific workloads and companies. Not everything belongs on a cloud and this is a good time to decide which of your workloads should go where.
This problem-solving approach can reduce security risks, improve financial return from the security investment, and build confidence in the use of cloud computing.
The method of identifying problems, finding security solutions, and putting them together in an integrated package will make many users and their CIOs breathe a sigh of relief as they realize that security in the cloud can indeed be achieved.