Securing the Cloud: How Safe Is that Data?By Pedro Pereira | Posted 2008-12-04 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Cloud computing and SAAS models increase the complexity of securing data, which creates both a challenge and an opportunity for solution providers.pagebreak=Handling the Unknowns}
For the solution provider, who may or may not be in charge of the data center where the remote applications reside, the challenge becomes proving to the customer that the "unknowns" Squier mentions have been dealt with.
"The customer is really looking at the service provider to also take care of the security," says Torsten George, vice president of global marketing at security vendor ActivIdentity. "It becomes a very, very important selection criteria."
A weakness anywhere in the cloud is a potential disaster with serious consequences for companies whose data is compromised. George says by and large the data center is secure, and no known disastrous breaches have taken place there.
Vendors such as 3Com and Cisco offer technology such as integrated services routers to secure data center environments while intrusion prevention products from vendors such as McAfee and Computer Associates address intrusion prevention, says Michael Stacks, a systems engineer at distributor Tech Data.
SMBs remain vulnerable to e-mail borne attacks, spam and phishing. Read more about it here.
But while the data center may be secure, serious potential for breaches lies elsewhere. "The greatest threat, and the weakest point, is the entry point," says George.
ActivIdentity sells a host of products to secure endpoints, including smart cards, tokens and biometrics, which provide a second form of user credential verification when accessing certain applications or simply turning on their laptops. The company, which partners with solution providers to sell the technology, is also working with various SAAS vendors and providers to secure data in the cloud, George says.
Aside from protecting data centers and access to data, it's important to also pay attention to the actual development of applications, Stacks points out. "Intrusion prevention is key as you write applications that are partially hosted at your location and partially hosted in the cloud," he says.
Solution providers have options here, by leveraging security technology from such vendors as CA, Cisco, Enterasys, McAffee and SonicWall. Products from Borland, Microsoft and IBM, Stacks says, can be used to prevent security risks as a result of changes to software that take place in the cloud. "As the third party changes its applications, you're able to track the changes, and identify any security risks created by the changes," he says.