Their voice should be heard during cloud project, says IDC
Firms are forgetting potential security risks as they rush to embrace the cost savings cloud computing can deliver, according to IDC Western European security research consultant Eric Domage.
“Cloud offers immediate cost savings,” Domage told CBR. “Things like regulation and compliance are not immediately cost saving. In fact it’s often seen as an additional cost. Companies seem to be quick to embrace cloud computing, but slow when it comes to compliance.”
Both IDC and Gartner tipped cloud computing as one of this year’s hot topics due to the perceived cost savings it offers. But Domage believes that some companies have their priorities wrong when it comes to deploying cloud computing technology.
“It’s the same as the situation with networking 10 years ago. Companies are forgetting security to embrace the cost benefits. It’s not an IT decision to go to the cloud but it should be, because once you’re in the cloud, you’re there.” he said.
Domage believes that it is up to enterprise security chiefs to be more assertive when it comes to discussions with other C-level execs. “Security guys must learn to speak C-level language. If they are too conservative they risk going into a cloud project with no security.”
Cloud providers have recently been pushing the issue of security in the cloud in an attempt to allay fears about it. Novell signed up with the Cloud Security Alliance (CSA) to offer a vendor-neutral cloud certification programme, which aims to provide best practice guidelines for hosted computing.
The “Trusted Cloud Initiative” wants to bring together cloud providers to produce a set of standards covering cloud security, compliance and identity management.
The other security issue facing enterprises this year is the threat from social networks, according to Devin Redmond, Websense’s VP of product management. “People are using them to keep in contact with each other but in a work environment. Today’s workers expect access to these services so blocking them is not an option,” he told CBR.
“Saying no to things like Facebook and Twitter means companies will be less attractive to potential employees,” agreed Domage.
Websense recently announced its Triton platform, which combines web, email and data security in one platform. The service integrates Websense Web Security Gateway, Data Security Suite and Websense Email Security in a centrally-managed system and protects against blended threats.