When it comes to the adoption of cloud services, the research numbers are piling up. A recent Connected Planet article outlined data from three organizations that combine to support the general trend of enterprises moving – quickly – to the cloud:
- 72% of U.S. IT decision makers plan to expand their cloud services in the next 12 months (CompTIA)
- 32% of large enterprise respondents in the U.S. and Europe rated cloud computing as a 3 or 4 on a scale where 4 means high importance (Ovum)
- The rate of growth of server purchases has decreased for small and medium businesses in 12 countries as they are increasingly relying on outsourced cloud services (AMI)
As enterprises make this move, the issue of security in the cloud is at the top of the list for many decision makers contemplating consumption of cloud services – especially as they consider moving more business-critical applications, services and data into the cloud.
While some in IT may feel as if their data is safer on-premises, there is a fundamental debate regarding whether the risks in the cloud are actually greater or less than the risks seen in a traditional on-premise deployment.
The reality is that most enterprises already trust (either implicitly or explicitly) service providers, their customers and employees with the safeguarding of significant pieces of their corporate data and other intelligence assets, whether in transit on networks or at rest in systems distributed across the Internet. In addition, the complexity, types and layers of security in the cloud look very similar to what the enterprise employs on their own premises, including:
- Perimeter security
- Layered security
- Encryption of data at rest
- Encryption of data in transit
- Authentication
- Identity management
- IPS/IDS/Firewall
- Virtualization security
- Forensics
- Compliance
- Auditability
- Multi-tenant implications
From this perspective, an enterprise’s cloud services can be locked down as much as their own on-site systems so IT decisions makers can view the cloud as an opportunity to consolidate, centralize and out-source some pieces of the security puzzle to a trusted provider.