Discussion on the real security threat of cloud computing

Public Cloud makes enterprise it uneasy. For one thing, this is a disruptive technology-transforming computing resources into a shared public facility. This technology also leads to a lack of transparency and less control of IT assets. BYOD has led to concerns about data loss and security, and no wonder some cloud novices have suddenly rushed out of the hive.





searchcloudcomputing.com A dialogue with Jim Reavis, the executive director of the Cloud Security Alliance (CSA), to discuss the public and private cloud real security issues and common misconceptions about the enterprise's entry into the cloud.





security issues are often the first priority for companies to be cautious about cloud computing lists. So what are the real security risks of public and private clouds?





Jim Reavis: Anytime we enter a new technology platform, there are many problems with the consequences of change. When it comes to public clouds, it is a significant change in the way computing resources are transformed into such shareable public facilities. There is also a lack of transparency about it assets from customer perspectives (business people and businesses) and no longer able to control it assets. Lack of transparency leads to unknown problems. As I see it, cloud computing tends to be a security upgrade for small and medium-sized businesses, as providers can actually invest in security practices. and small businesses usually perform minimal, outdated, and inappropriate actions. That's why small businesses flock to the cloud. They realize that this is the actual upgrade of their all it.





How do big companies look at it? What are the main security issues?





Reavis: For large businesses, security needs are a real problem-compliance issues, and progress in the cloud. We need an intermediate agreement and communication between the provider and the customer to ensure that we understand the security requirements and that we can communicate what we do to satisfy our customers. Subsequently, the enterprise gradually formed a complex, multi-level protection. There are traces of cloud providers trying to make their services widely replicate these requirements. The bigger your business, the more complicated your needs are. Furthermore, when all resources are not fully controlled, there are some challenges that can be met with all of these requirements.





do these problems still exist in the private cloud?





Reavis: If you define cloud computing through a complete definition, and you actually try to provide this flexibility in a relatively large range of environments, there's a lot of the same problem. For example, large financial institutions, with a large number of international markets, may be analysts and traders, and you have to actually provide these controls. This is not as big a problem as a transparency problem in a private cloud, but you have to try to isolate it (from most environments) so that they don't get a wide range of access. The larger the private cloud becomes, the more it looks like a public cloud, so they share many of the same problems.





Enterprise IT about cloud security The biggest misunderstanding is what?





Reavis: The enterprise will become a more customized cloud and will migrate more systems. Some cloud misconceptions are due to a severe lack of educational resources. I have discussed with some CIOs that they deny getting into the cloud; instead, they are using a variety of SaaS applications that are more tube-fed. There are also some cognitive gaps in what they can do if you work with providers, and instead look at their standard SLAs in a cursory way. Companies do not realize that they actually have a lot of questions to ask, and that they can strengthen cloud services with system integrators or partners. From a provider's point of view, there is a lack of understanding of the needs of large customers with a standard vision.





have you noticed that companies are not aware that they are capable of becoming middlemen for cloud providers?





Reavis: I think this is a combination of the possibility of not understanding the scope of the contract, flexibility and negotiation. Can be strengthened from the architectural level, enterprises can be themselves together with the third party or two-tier market services. There is also a lack of understanding of evaluation tools, and CSA provides many tools available. Cloud customers may say that there is no standard, but if the provider complies with specific objectives, you can ask. I think people say that there is no tool that can be used to assess compliance and as an excuse for not addressing the relationship between business requirements and the cloud environment. Then the strategy is doomed to failure.





CSA recently formed a mobile workgroup. Can you give me some additional security questions about BYOD and cloud?





Reavis: It is useful to look at mobile and cloud computing as similar consumer outcomes. On the one hand, consumerism has marketed it as a product to IT systems, such as the cloud, and has led to more robust endpoints, mobile devices. Customers can buy their own. These things come together to create shadow it, and individuals or business units can get their own back-end IT systems. This has also led to a lot of governance issues. When we start moving it segmentation, we consider data governance issues and how they affect where the data is stored. People will use app stores on these devices, whether they're collaborating or bringing them, and applying store security is a problem. We cannot ignore the move in the cloud vision because it will be a major way for users to access, exploit, and interact with the cloud. We want to consider these issues for device management or business coexistence and for the personal use of generic devices.




is
security, or service, the best way to protect BYOD?





Reavis: You will see more security features moving to the cloud. Companies will be more focused on locking devices and looking for how to encrypt information for authentication and disabling devices for remote use. Many fast-moving threats can be solved by the Internet very well. The network provides higher levels of security, and a more flexible way to support the adoption of new technologies by enterprises. The only way to keep your cloud pace is to cloud services.