Ahh, so many companies have their head in the cloud now. By 2014, many companies have already begun to realize the potential of moving at least some of their key offerings into the cloud whether the focus is on reducing cost, increasing scalability and elasticity, or simply to provide a more cohesive experience for their customers across the increasingly diverse technology and device landscape these days. However, the big question on everyone’s minds today still falls in security. Is the cloud at a point where hosting services in the cloud can offer the same piece of mind as traditional on-premise solutions can?
While enterprise public cloud providers, like Amazon or Microsoft do provide some degree of security policy with their public cloud offerings, the ultimate responsibility still falls with the customer who must attempt to extend their own corporate security policy. However, one of the big challenges felt by businesses even today is that there is a lack of operational workflows for supporting consistent policy management, especially in hybrid environments which are becoming quite common. In a recent survey, it was reported that as many as 4 out of 5 companies still do not feel they have cohesive, consistent security across their multiple offerings.
To add to this, there are multiple layers of cloud service offerings, including Infrastructure as a Service (Iaas), Platform as a Service (PaaS), and finally Software as a Service (SaaS). Companies that have opted to go the IaaS route and are building out the platform and hosting their own software services will feel this burden even more – having to work across the layers to ensure there are not significant lapses in security policy. Because of the complexities of the environments, and the varying business requirements of the software or services being hosted, there is no single roadmap for accomplishing this yet, nor does it appear there will be one anytime soon.
So where do we go from here? With the multiple major compromises and attacks we’ve been seeing in the headlines recently, companies are feeling a sense of urgency more than ever. Investment in comprehensive security policy and monitoring spanning diverse, hybrid environments is already starting to increase rapidly, which will continue to drive innovation in this critical market. Some startups like FortyCloud are already sensing this and responding with their own SaaS solution (Security as a Service) that can tie directly into an organizations identity management services (such as Active Directory).
As information security continues to expand and evolve at a accelerating rate, it is likely we will see cloud security become almost a new “discipline” in the industry. With this, sets of commons standards will be better defined and adopted as more than best practices – but fundamental to operating securely in an increasingly hostile threat landscape. So, are we there yet? That point can easily be debated, but we’re certainly headed in the right direction now. And as companies double-down to respond to the enhanced malicious capabilities we’re seeing crop up recently, we should see a much more seamless, innovative security apparatus come into the market in the next couple of years as a response.