Public Cloud Security Remains MISSION IMPOSSIBLE

But steady progress is being made to address security concerns of enterprise IT.

Someday, cloud security vendors and cloud services providers will convince enterprise IT that it's safe to move sensitive data and mission critical apps from the private cloud to the public cloud.

Unfortunately, that day has not yet arrived.

Security practitioners, consultants and analysts interviewed for this story say cloud security vendors and cloud services providers have a long way to go before enterprise customers will be able to find a comfort zone in the public cloud, or even in a public/private hybrid deployment.

Cloud security: The basics

When asked for predictions as to when enterprise IT will be willing to elevate their level of play in the public cloud from dabbling in non-sensitive data storage and consuming a little bit of SaaS from trusted entities like, to running business critical applications, the answers ranged from six months to two years.

So, what's hindering public cloud adoption? The hesitation over security in the public cloud centers on:

• Concerns about securing the communications channels within multi-tenant virtual networks.

• Uncertainty about how the exploding number of heterogeneous mobile devices will be securely supported in the cloud.

• An inconsistent path for extending existing identity and access control mechanisms used in the enterprise up into the cloud.

• Questions on how trusted encryption and tokenization models need to be changed to adequately protect sensitive data stored in the public cloud.

Tech debate: Public vs. private cloud

These potential technical issues are compounded by the fact that public cloud providers are notoriously unwilling to provide good levels of visibility into their underlying security practices. For an enterprise, not having a proper window into the security posture of its cloud provider will stall necessary auditing processes and compliance checks.

But all of the sources interviewed are confident that eventually public cloud security will reach the level that enterprises currently expect in their privately controlled networks.

Growing pains

The public cloud is well past the infancy stage, says Jacob Braun, president and COO of Waka Digital Media, a managed security service provider and consultancy based in western Massachusetts.

"It's more like a gifted adolescent who's recently moved to a new community. She looks at things a little differently than others. She handles things differently. People are intrigued because she's kind of cool, but at the same time they hold back a bit because she's still a bit unpredictable," Braun says.

But give her just a bit more time and most people are going to want to glom onto her popularity.

Analysts, consultants and customers say they are encouraged by product announcements from established security vendors as well as from start-ups that address many of these perceived problem spots in cloud security.

Customers are acutely aware that this extensive conversation about security in the public cloud is taking place before they've been forced to actually jump in, which is a luxurious switch from how security was handled during past corporate computing shifts, such as moving to the LAN, setting up client/server operations and opening up the enterprise to the Internet.

1 2 3 4 Page 1
Page 1 of 4
Discover what your peers are reading. Sign up for our FREE email newsletters today!