IT Outlook: Not Yet Cloudy for CIOs

Sorting Through Conflicting Information About Private and Public Cloud Hosting Environments?

In my daily perusal of cloud industry experts’ blogs, articles and news headlines, I see drastically conflicting points of view about the security and sanctity of both private and public cloud hosting environments. With such varied viewpoints, it seems IT leaders may never reach a consensus on best practices, or even the possibility for security in an outsourced, cloud IT environment. How, then, can any corporate CIO sort through the conflicting information and make an informed decision?

By dispelling the fears and misgivings, one by one.

Misperception #1: Perceived Lack of Control in the Cloud

Control means everything to a CIO, and many perceive that hosting sensitive information on an outsourced, shared, multi-tenant cloud platform surrenders every hope for maintaining it.

A niche group of secure cloud hosting providers understands this concern and addresses it by offering the same security best practices, regulatory guidelines, and compliance controls that CIOs enforce inside their own organizations, delivered via a more affordable, outsourced infrastructure model. Backed by facilities, services, policies and procedures that adhere to PCI DSS 2.0, NIST 800-53, ISO 27001 and ITIL, these unique cloud hosting suppliers satisfy CIOs’ requirements with highly specialized expertise, transparency, and dedicated oversight, often to a degree that would otherwise be cost prohibitive to implement internally.

The thought of outsourcing risk management can also give CIOs nightmares. Depending on a third party for critical tasks like patch management, vulnerability scanning, virus/malware detection, intrusion detection, firewall management, network management, log management and so on constitutes a loss of control, right? Wrong!

Through secure systems access, dynamic dashboards, insightful portals, transparent configuration and risk reports in real time, secure hosting partners give CIOs control over their systems. In fact, CIOs should regard an outsourced host as an extension of their own IT departments.


Misperception #2: Perceived Lack of Security in a Multi-tenant Cloud

Fear about co-mingling logically unrelated virtual machines and data on a single physical server with remote access capabilities keeps public cloud opponents busy. Obtaining a comfort level with the reliability of information isolation and separation in a multi-tenant cloud is paramount for CIOs. So how do outsourced IT service providers secure a virtual environment hosted in a multi-tenant cloud? The same security best practices that apply to a dedicated, standalone information system apply to a virtualized environment.

Virtual machines live in a virtual network on the hypervisor (the operating system upon which a VM resides). With proper VM isolation, no tenant can access or even see another tenant’s VMs or data. The same principle applies to network security in a virtualized environment: simply implement firewalls in front of each VM.

Even if the data can be separated successfully, what about data destruction? The time and expense involved make degaussing disks a rare practice in a public cloud hosting environment. Instead, cloud providers often employ an extremely effective, DoD-approved disk-wiping utility that performs a number of passes to properly remove data from the target storage unit.

The Reality

CIOs have a fiduciary duty and the ultimate responsibility (legally and ethically) to ensure that the corporation’s sensitive information and data are protected from unauthorized access. CIOs also have limited budgets and resources to work with, so they are always researching new and emerging technologies that will reduce cost, increase security and scalability, and maximize efficiencies in their infrastructure. Independent studies have demonstrated that both IaaS and SaaS cloud models decrease cost, increase scalability and are extremely efficient when it comes to rapid deployment of new systems.

A meager 3% of the CIOs surveyed in Gartner’s 2011 CIO Agenda reported that the majority of their IT operations reside in the cloud today. 3%. Seems low, doesn’t it? As you can see, a variety of reasons have delayed CIOs’ decisions to adopt cloud architecture. But with more quality information at their fingertips and proven results in the rearview mirror, the trend is changing.

By 2015, 43% of CIOs expect to have the majority of their IT running in the cloud on Infrastructure-as-a-Service (IaaS) or Software-as-a-Service (SaaS) technologies. In summary, a cloud environment, if architected and configured properly, can securely host and protect your information systems and sensitive data.
