By Mark Kraynak.
Gartner predicts that global spending on public cloud services will grow from $155 billion this year to $210 billion in 2016. The forces driving enterprise IT to the cloud are faster deployment and easier management, which translate in the end to less cost. But at the same time, cloud deployment is significantly increasing security and compliance risk because security solutions have not kept up – leaving high value assets seriously exposed.
So what are some of the security gaps exposed by this ‘cloudification’ of the data center? They include:
- Multi-tenant environments create new risks because you suffer if your another tenant gets compromised.
- In many enterprises, users are circumventing IT and turning on cloud services without any controls. This ‘shadow IT’ significantly increases security risk and undermines compliance programs as sensitive or regulated data often ends up in the cloud without the knowledge of IT.
- Moving corporate applications to the cloud opens what used to be highly sensitive, internally facing applications to the entire Internet. That’s the point of using the cloud: your users can access your applications from anywhere. But doing that increases the attack surface of your ‘internal’ applications, which increases risk.
- Most cloud providers do have controls in place to protect the underlying service, but they often deploy end user controls to the least common denominator to avoid disrupting user access.
What can you do?
Most organizations have a mix of on-premise and cloud solutions. Further, the cloud itself has many different deployment models, each with its own requirements. Because of that, it’s important to look for a vendor that covers the range of security gaps that exist in cloud security today.
Mark Kraynak is senior vice president, Worldwide Marketing at Imperva.
•Date: 10th February 2014 • World •Type: Article • Topic: Cloud computing