In South Africa, security is one of the top concerns inhibiting organisations from embarking on the journey to cloud computing – and yet cloud computing has the potential to deliver security benefits.
That’s according to Dave Funnell, sales manager of RSA, the security division of EMC Southern Africa. In an era of increasing security attacks on organization’s information infrastructures, he believes cloud service providers can differentiate their offerings by implementing first-class critical response teams and demonstrating that they are able to deliver higher levels of security.
“It is becoming more and more difficult for companies to combat these threats by employing the necessary skills internally,” he points out. “Service providers can implement the infrastructure with the right skills and experience to manage the current and future threat landscape.”
However, there’s more to it than merely deploying the appropriate technical tools. One of the most pervasive and fundamental challenges for service providers is proving that the physical and virtual infrastructure of the cloud can be trusted. Organisations rely primarily on service providers’ reports, as well as certifications from outside auditors, to monitor performance against service level agreements and provide compliance in their private clouds. Many organisations are looking for proof that the service provider’s practices comply with their own internal policies and compliance guidelines.
“The crucial differentiator will be the ability to prove that the right set of governance and compliance standards needed in the cloud is being delivered – and to do this in an auditable manner,” Funnell says. “We anticipate the adoption of cloud governance auditing and reporting services as an important development in cloud computing.”
Although security is a major concern for companies planning to use the cloud, many industry experts believe these concerns are exaggerated. In a recent IDC survey, 15% of respondents stipulated security as one of the top three reasons for not adopting any form of cloud. Of those already using or considering cloud, 70% and 54% respectively identified security as one of their top three concerns regarding private and public cloud adoption. Only 7% of respondents saw improved security as a driver for the adoption of public cloud.
“That’s why there is a real opportunity for service providers to demonstrate that they can provide higher levels of security,” Funnell says. “Organisations will gain confidence in cloud computing when they are convinced that the service provider has a governance framework in place to audit, control and segment access and roles in line with their requirements.”
There’s no doubt that, as organisations and cloud service providers embark on the journey to cloud computing, a clear framework for managing security and compliance is needed – one which enables businesses to realise the benefits of cloud computing without compromising on the security front.
“Security and compliance concerns are top of mind for IT executives and can hinder adoption of cloud computing. Nonetheless, with the right tools, processes and co-ordination among IT and security operations teams, organisations can take control of security and compliance across the physical and virtual infrastructure – building the foundation today for tomorrow’s cloud strategies,” Funnell says.