An April 2012 IDG Research survey found more than two-thirds of respondents—69 percent— reported their companies are consuming or piloting applications or infrastructure via the cloud. This trend is growing. This makes security of data and applications a critical concern. Security vulnerabilities can undermine every advantage the cloud brings. This white paper explores the top security concerns of cloud users, and the challenges enterprises face in resolving these concerns.
The IDG survey found that fewer than 40 percent of respondents ranked themselves as highly effective in ensuring cloud security. They acknowledge weaknesses in:
■ Finding and fixing existing application vulnerabilities
■ Understanding security and risk in the cloud infrastructure
■ Establishing a productive feedback loop with software developers and vendors
■ Ability to audit new code and applications for residency in the cloud
Another self-described weakness is a lack of enterprise-wide software security culture. The large majority of application security remains in the hands of IT operations or IT security teams. Only 26 percent report that cloud security is an enterprise-wide effort. But a strong majority—74 percent—know they need to change that. They say creating and sustaining a partnership between IT security and software development and cloud vendors around cloud application security will be a high priority during the next year.
This desire for change is driven by an increasing awareness of the risks facing enterprises that fail to maintain security. At the top of the list, 89 percent of respondents cite a lack of control over areas where personally identifiable information (PII) is present in the cloud.
A loss of PII can be devastating to an enterprise. While the average cost per record breached ( A single file, a typical breach consists of tens of thousands or hundreds of thousands of files) is estimated to range from $150 to $200. Also high on the list of concerns, at 76 percent, is cyber crime/identity theft. The sophistication and ubiquity of cyber attacks means thousands of malware variants can hit major enterprises or cloud providers every day. Numerous surveys have found that corporate data is highly desired by criminals, competitors and nation states.
The Benefits of a Good Security Policy
Given the loss of consumer confidence in enterprises that suffer major data breaches, it is not surprising that the most important benefit from good security cited by survey respondents was protection of a company’s reputation. It is not simply the raw cost of lost data that damages an enterprise, although that itself can be crippling, significant damage to a brand means lost business in the future from consumers or clients who feel they can no longer trust a vendor. This can be an existential threat. And it is no longer possible to keep major breaches out of the public eye. In late 2011, the SEC issued guidelines that require public companies to disclose security events if they materially affect the entity’s products, services, relationships, or competitive conditions, or if they would make an investment in the company speculative or risky. Security readiness of applications deployed in the cloud means greater business availability; a notion cited by 62 percent of respondents. The cloud is accessible 24/7, which means customers and clients never have to wait for office hours.
Finally, a secure cloud enterprise environment allows employees to improve their productivity, through collaboration with colleagues and clients at anytime anywhere across the globe.
The Right Cloud Security Solution For You
Cloud Consulting International specializes in Security not only for your Cloud but for your whole organization.
We take Security seriously and our policy with regards to security issues and concerns is one of “Openess, Honesty & Common-Sense“.
To that end we work directly and partner with each of the major security alliances as well as every commercial and open-source vendor we utilize or recommend to our clients, in order to make sure our clients individual security needs are met and exceed the highest standards.Unlike many consulting companies, we do not subscribe to many of the “one size fits all” security solutions that get slapped in place. When we work with a client, we drill down and through deep analysis and intense interviews and discussions with your executive staff, software development, IT, Ops departments to discover your unique security concerns and issues. At the end of which we produce one of our proprietary reports this one entitled “Detailed Security Analysis Report” which is presented and which includes not only the issues but the steps and products, processes and procedures to resolve each one in unique and common-sense ways.
Every implementation we undertake goes through a rigorous series of security and compliance audits including Symantec, VISA, Master Card, PCI & SOX. Although some clients may not be required to comply with those regulations we believe in the philosophy of “Better Safe than Sorry” and therefore every analysis, design and installation we perform is built upon a solid foundation consisting of Our 3 Core Principles:
3 Core Design Principles
- Operational Readiness
- We never install anything without a complete and robust operational infrastructure in place first. Without which, all the data which will be produced would be meaningless and without which your infrastructure would shortly be in shambles.
- HA (High-Availability)
- Our final budget analysis and indeed our installation includes two of every piece of critical hardware and software. Everything is designed and built with multi-redundancy in mind. There is no reason whatsoever your infrastructure should ever go down in a way that A. Loses you money, B. Loses you customers or C. Loses you employee productivity
- We are proud that our project up-time percentage average is 99.999% and always will be until it reaches 100%
- Our Security solutions are second to none and so far not a single client has reported a single security breach which, is how it should be and can be for you also when done properly.
- We believe in a producing unique, specific, pinpointed and common-sense solutions rather than the “one-size fits all” blanket approach many consultants would have you waste money and resources on.
- We believe every clients organizational and infrastructure security issues are unique and in response, our solutions are unique to that client alone.
From Physical Security, to Email and Social Messaging, Corporate Espionage, Network Data, Wireless, Data-Centers, Server Hardening, Networking Equipment, Compliance Issues to Application & Service Security, let Cloud Consultants International’s unique and expert security consultants perform a Security Analysis for you, you’ll be glad you did.
- Six pitfalls to avoid with enterprise cloud deployment (gigaom.com)
- Cloud security fears: justified or hot air? (xlntelecom.co.uk)
- Study Finds Cloud Security Is the Biggest Barrier to Cloud Adoption (cloudcomputing.sys-con.com)
- 7 Steps to Developing a Cloud Security Plan (infosecurity-magazine.com)
- Companies Remain Distrustful of Cloud Security (V3.CO.UK Latest UK Technology News)