Rethinking IT Security For Cloud Computing
Is security still a brake on cloud deployment? If the answer to this question remains overall affirmative, the field seems much better marked that only a few months ago.
From the outset, cloud computing has sparked interest and distrust on the part of companies. Interest in this new model of IT service provision, accessible directly through the Internet and charged to actual consumption. Mistrust for the security offered by this delocalized computer placed “in the clouds” (the image traditionally used to describe the Cloud).
In detail, these concerns about security cover very different aspects. As the UK security specialist Global Secure Systems explained in a conference on the Infosecurity trade show in 2009, ISD concerns range from data privacy (who has administrator access?) To service availability, passing through the application of internal policies on these outsourced services, the intrinsic security of these offers or the contractual clauses (what recourse in case of security breaches?).
But the major subject, the one on which many decision-makers in companies work, lies in the control of data: where are they stored and safeguarded (the export of personal data outside the EU is strictly regulated)? Under what conditions can the company recover them or transfer them to another provider?
Bad image left by the “public” cloud?
In short, a whole new set of concerns that cloud system providers have, for the moment, answered in scattered order. No wonder, under these conditions, that the concept of security appears throughout the studies as the number one brake to the deployment of Cloud Computing. “In our latest study (556 executives and CIOs worldwide surveyed in the spring of 2010), this safety issue remains the main inhibitor, cited by 77% of respondents, but in previous editions of this study, it was more likely that the 90% “, notes Loïc Guézo, technical director of IBM Security Solutions. According to the latter, this reluctance that continues is largely the result of everyone’s image of the cloud: “offers access to all, via the Internet, and where security is not put forward. given the managers the impression that, once moved into the cloud, the data escaped them, while there are models that guarantee a very precise location of the data. ” Big Blue has recently invested 300 million euros to renovate or build large computing centers in France, likely to host cloud infrastructure.
On the other hand, and paradoxically, Cloud Computing can also provide business services for security. Among the leading uses in the field are those related to data backup or disaster recovery plans (allowing an organization to continue operations after a disaster). For SMEs that are often not very aware of IT security issues, cloud migration is also de facto an upgrade of their protections.
A target more and more interesting for hackers
What is certain is that the Cloud brings a change of reference framework for the head of the security of the information systems “, slice Loïc Guézo Deletion of the data – including temporary – at the provider at the end the contract, definition of a blueprint for cloud-eligible applications, user rights management in mixed environments mixing local and cloud applications, securing and sizing the transport layer, provider security audit (to verify in particular that its administrators do not have access to the data), etc.: as many new subjects for the IT teams.
And again we are only at the beginning of the Cloud. Because, as the phenomenon will gain in importance – as all research firms expect – platforms, hosting more and more companies, will become more attractive to cybercriminals and other pharmacies specialized in the theft of confidential data. “The Cloud is becoming an interesting target,” says Loïc Guézo. Not really enough to reassure the CIOs.Tags: image