|By Kevin Nikkhoo||
|October 7, 2012 01:00 PM EDT||
No, this isn't 7th grade English...I promise.
With all the important decisions IT departments make, what’s the big deal whether cloud security means from the cloud, in the cloud, of the cloud or for the cloud. Well, a lot. Among the various media, blogs, professional chatter, webinars, conferences and the like, the concept of cloud security is getting a significant amount of airplay. However, the difference in the application of a simple preposition completely alters the scope and meaning of these conversations to that of a problem or a solution.
Security IN the cloud frames the overarching issue. It is the problems often discussed by IT professionals today. They range from questions about the safety of data held within a virtualized environment to that of cyber hactivism or why do my users keep insisting on using their smartphones to access the network? These issues often point to the cloud as some wide open Wild, Wild West situation. Sorry, but I disagree. I think the cloud as a platform has matured to the point where it is a viable, protective and proactive choice. These issues would exist on any enterprise’s on-premise set up. Companies like ADP, salesforce.com, Office365, Azure have taken great pains to ensure the data processed or stored on or via their servers have a degree of security equal to or exceeding that of any on premise set-up.
But what about Yahoo? What about LinkedIn? All those passwords breached. But before you set your hair on fire and scream the “cloud is falling,” - for every cloud-centric breach, there are just as many (or more) on-premise breaches. Poor or porous security knows no platform. It favors no deployment scenario and creates no safe haven for users. Security, like any other element of an enterprise is built on smart process, consistent monitoring and effective tools. A substandard, half-hearted approach to any of these three and those unsettling headlines we read about every few months might feature a familiar company name.
In stark contrast, security FROM the cloud is the means to protect IT assets without having the heavy investments in servers, software and a variety of other related costs. But it is much more than cost savings and democratizing access to protection. For some it is the holistic application of best practices, real time visibility and best of breed solutions. “From” the cloud is providing a scalable layer of security that was typically reserved for trillion dollar companies easily deployed for any company of any size. For others it is the ability to link all the independent silos of information including transactions, proprietary data, applications (legacy and in the cloud) and manage them centrally with a greater degree of focus and accuracy.
Security FROM the cloud answers the questions posed by security IN the cloud. Who has access? Who controls that access? Can we report activity to maintain compliance? What is harmless traffic and what needs to be remediated in real time? Do I have the resources to monitor and react to issues 24/7/365? How do I centralize security analysis so I don’t have to repeat processes system after system? How do I control all those applications the sales team accesses from beyond the so-called network perimeter? What happens when an employee leaves the company or a vendor’s contract expires? Who controls all the passwords? How is data aggregated, stored/destroyed, transited and digested? Is my data safe? So many issues, so little bandwidth…until you apply an answer FROM the cloud.
Now of course, security-as-a-service (aka security FROM the cloud) or cloud-based security is not a panacea. It still depends on workflow process and the expertise to define and apply that process. But the issues surrounding scope, scale, control, capability, centralization, correlation, fast-to-market and cost are answered. The important thing to remember is that FROM the cloud is a holistic (and sometimes automated) set of enterprise controls designed to protect assets. The fact that it is managed and controlled from the cloud is simply a value added advantage. It provides a cost-effective means and accelerated degree of flexibility that can be translated into a redirection of core competency priorities. Simply put…you can worry about one less things and get to work on IT issues that drive your company forward. Of the many hats we often force our IT professionals to wear, here is one they can take off with the confidence that the goals of the enterprise are being met and its assets are properly protected.
So a preposition can make all the difference. Now the next time a blogger or industry pundit explains the wonders or the perils of the cloud…you just have to remember FROM where real solutions come.