Way back in the 18th century, Ben Franklin said, “Distrust and caution are the parents of security.” That insight is entirely appropriate in the 21st century as companies deliberately and thoughtfully seek to take advantage of the tremendous economic benefits of cloud computing. Migration to the cloud is exploding, and the recent Cisco Global Cloud Index projects that by 2019, four out of five data center workloads will be processed in the cloud and more than 83 percent of global data center traffic will come from cloud services and applications. That’s three short years away, and it makes Joe Weinman’s prediction that, “Ultimately, the cloud is the latest example of Schumpeterian creative destruction: creating wealth for those who exploit it; and leading to the demise of those that don’t,” a business imperative for strategically concerned companies today.
While the benefits of the cloud are profound, security continues to be a significant concern and impediment to wholesale and universal deployment of cloud services for most companies. Caution and an eyes-wide-open posture are more important than ever as organizations are being transformed and changing the way they interact, operate, and compete in the business environment.
Cloud adoption and cyber-crime
Many of the historically distinguishing characteristics between traditional industry and technology companies have disappeared, which gives cyber-criminals a much larger playing field to access everything from sensitive employee and customer data, to production information and intellectual property, to M&A activity. Virtualization and the cloud create a larger attack surface that makes this kind of critical data more available—and to more people—than ever before. As more and more data is being shifted to the cloud, the criminal element is salivating in anticipation.
According to Alert Logic’s 2015 Cloud Security Report, threats vary greatly on a variety of industry-specific factors, such as online presence, customer interactions, employee activities, security controls and effectiveness, and business sector, with the largest influencers being online presence and how a business interacts with customers. Those two primary influencers seem to include the majority of businesses today, so the relationship between use of the cloud and crime probably isn’t coincidental. Global cyber-crime is reaching truly epidemic status with Juniper Research predicting that cyber-crime will cost businesses over $2 trillion by 2019.
The conventional perimeter is dead
The security community has been saying for several years now that the conventional IT perimeter is dead, and the cloud has certainly hastened it along. Whereas in a traditional data center where most of the data communications flowed north and south and could be monitored by legacy perimeter security tools, studies show that over 80 percent of all traffic in a virtualized data center or cloud environment flows east-west, from virtual machine to virtual machine. This means that the concept of a defensible perimeter that sees all of the traffic has disappeared and with that realization, traditional security products and controls that were designed to protect it are simply out of date. As the cloud becomes more ubiquitous, new security solutions are already becoming available and perhaps, just perhaps, we have a greater opportunity to finally address long-standing security challenges in new and innovative ways, such as through micro-segmentation and multi-cloud adoption.
Segmentation of networks has long been considered a best practice for separation of functional elements in an organization, such as between business units and even types of data. More importantly, however, segmentation allows for relatively granular enforcement of security policies. Software-based micro-segmentation in a cloud environment allows even finer-grained policy management, isolation of data, and control down to the workload level and across multi-cloud environments. This provides vastly more flexibility and superior security, since security is not geographically restricted but rather, follows the workload and data wherever it may be.
Multi-cloud simply indicates a blending or pairing of public and on-premise private cloud use, which provides a tremendous new level of options to organizations as they migrate some portions of the business to the public cloud and retain other portions, perhaps their very sensitive data or intellectual property, in their own on-premise data center environment. The security industry has struggled mightily with the dynamic nature of threats and vulnerabilities over the past several decades and how to balance agility with protection. The growth of multi-clouds now makes it possible for companies to select the appropriate level of data distribution and security of that data to meet their own specific needs, without sacrificing the economic advantages of cloud computing.
The technology community seems to constantly come up with new trends and buzzwords, and the cloud is simply the term in vogue. Regardless of terminology, however, the cloud is providing incredible new possibilities and value in the protection and use of data. As Marc Benioff, CEO of Salesforce, stated very plainly, “If someone asks me what cloud computing is, I try not to get bogged down with definitions. I tell them that, simply put, cloud computing is a better way to run your business.” And cloud security, if done right, is also becoming a better way to protect your business.