IT Outlook: Not Yet Cloudy for CIOs

Sorting Through Conflicting Information About Private and Public Cloud Hosting Environments?

In my daily perusal of cloud industry experts’ blogs, articles and news headlines, I see drastically conflicting points of view about the security and sanctity of both private and public cloud hosting environments. With such varied viewpoints, it seems IT leaders may never reach a consensus on best practices, or even the possibility for security in an outsourced, cloud IT environment. How, then, can any corporate CIO sort through the conflicting information and make an informed decision?

By dispelling the fears and misgivings, one by one.

Misperception #1: Perceived Lack of Control in the Cloud

Control means everything to a CIO, and many perceive that hosting sensitive information on an outsourced, shared, multi-tenant cloud platform surrenders every hope for maintaining it.

A niche group of secure cloud hosting providers understands this concern and addresses it by offering the same security best practices, regulatory guidelines, and compliance controls that CIOs enforce inside their own organizations, but through a more affordable, outsourced infrastructure model. Backed by facilities, services, policies and procedures that align with PCI DSS 2.0, NIST 800-53, ISO 27001 and ITIL, these cloud hosting suppliers satisfy CIOs' requirements with highly specialized expertise, transparency, and dedicated oversight, often to a degree that would otherwise be cost prohibitive to implement internally.

The thought of outsourcing risk management can also give CIOs nightmares. Depending on a third party for critical tasks like patch management, vulnerability scanning, virus/malware detection, intrusion detection, firewall management, network management, log management and so on constitutes a loss of control, right? Wrong!

Through secure systems access, dynamic dashboards, insightful portals, transparent configuration and risk reports in real time, secure hosting partners give CIOs control over their systems. In fact, CIOs should regard an outsourced host as an extension of their own IT departments.

Misperception #2: Perceived Lack of Security in a Multi-tenant Cloud

Fear about co-mingling logically unrelated virtual machines and data on a single physical server with remote access capabilities keeps public cloud opponents busy. Obtaining a comfort level with the reliability of information isolation and separation in a multi-tenant cloud is paramount for CIOs. So how do outsourced IT service providers secure a virtual environment hosted in a multi-tenant cloud? The same security best practices that apply to a dedicated, standalone information system apply to a virtualized environment.

Virtual machines live in a virtual network on the hypervisor (the operating system upon which a VM resides). With proper VM isolation, no other tenants can access or even see the other VMs or data. The same ideology applies to network security in a virtualized environment as well: simply implement firewalls in front of each VM. Even if the data can be separated successfully, what about data destruction? The time-consuming nature and expense make degaussing disks a rare practice in a public cloud hosting environment. Instead, cloud providers often employ an extremely effective and DoD-approved disk wiping utility which performs a number of passes to properly remove data from the target storage unit.

The Reality

CIOs have a fiduciary duty and the ultimate responsibility (legally and ethically) to ensure that the corporation’s sensitive information and data are protected from unauthorized access. CIOs also have limited budgets and resources to work with, so they are always researching new and emerging technologies that will reduce cost, increase security and scalability, and maximize efficiencies in their infrastructure. Independent studies have demonstrated that both IaaS and SaaS cloud models decrease cost, increase scalability and are extremely efficient when it comes to rapid deployment of new systems.

A meager 3% of the CIOs surveyed in Gartner’s 2011 CIO Agenda reported that the majority of their IT operations reside in the cloud today. 3%. Seems low, doesn’t it? As you can see, a variety of reasons have delayed CIOs’ decisions to adopt cloud architecture. But with more quality information at their fingertips and proven results in the rearview mirror, the trend is changing.

By 2015, 43% of CIOs expect to have the majority of their IT running in the cloud on Infrastructure-as-a-Service (IaaS) or Software-as-a-Service (SaaS) technologies. In summary, a cloud environment, if architected and configured properly, can securely host and protect your information systems and sensitive data.
