Cloud has been a hot topic for several years now and has impacted the dynamic of security for the organisations. While startups have been pro-cloud, many corporates are still cautious in making ‘cloud switch’. In an interview with Mohd Ujaley, Murli Mohan, Director & General Manager, Dell Software Group, says “Security has been a major concern for organisations because public cloud uses virtualization heavily as they share resources between many customers. As a result, there is security vulnerabilities, both from access levels as well as from exploits in the virtualization software.”
In what ways cloud is changing the dynamic of security for organisations?
Cloud computing has been a hot topic for several years now and it has indeed impacted the dynamic of security for the organisations. While startups have been pro-cloud, many corporates are still cautious in making that switch. Since, cloud computing comprises many technologies such as networks, databases, operating systems, virtualization, resource scheduling, transaction management, load balancing, concurrency control and memory management, security automatically becomes one of the major components of cloud computing. Whenever a data is on cloud, anyone from anywhere can access it. This makes the corporate network and data vulnerable to malicious attacks. Another reason for security to become critical is the problem of data stealing in a cloud computing environment. Many cloud service providers do not provide their own servers instead they acquire servers from other providers as it is more cost effective and flexible for operation. With this, the probability of data being stolen from the external servers becomes high. Considering these reasons, data in cloud computing can be kept secure only if there is a stringent security policy in place.
Is security fear one of the reasons for the slow adoption of Cloud?
Yes, security has been a major concern for organisations. As we know, public cloud uses virtualization heavily as they share resources between many customers. As a result, this creates security vulnerabilities, both from access levels as well as from exploits in the virtualization software. As per Gartner, cloud computing is a troubled with security risks and it has special characteristics that need a thorough risk assessment in areas such as data integrity, recovery, and privacy, and an evaluation of legal issues in areas such as e-discovery, regulatory compliance, and auditing, etc.
Despite many developments in the area of combating security issues, it is still considered as a top hindrance in cloud services adoption. This has led to the introduction of cloud encryption systems. In recent research note, Gartner states that while encryption is important to the secure adoption of cloud services, it should not be viewed as the “silver bullet”. It is always recommended that enterprises should first develop a data security plan that addresses all possible security concerns. As a repercussion of failing to do so, it can give birth to cost and other complexities. It is key to address the fundamental issues of data privacy and long-term security and resiliency while adopting cloud based solutions.
Large companies are rolling out cloud based platform for business management. How safe are corporates data on those platform?
It is all about having the right policy and practices in places while accessing the data or migrating the system to cloud. IT managers are turning to cloud to reduce their costs but most of them remain wary about the security of their applications. Today, almost every business is run on the Internet and with expanding cloud host of new data is being exposed publicly. There are studies available which says that about 80% of the website has some software concern; this means that the organisation’s sensititive corporate data are vulnerable to damage or attack. In the age of cloud, application security has become a key component of any operational IT strategy. As we all know, websites are the easiest target for all levels of cyber criminals. In the recent case of a bank attack, an attacker used SQL injection to steal credit and debit card numbers that were then used to steal more than $1 million from ATMs worldwide. It is advisable for every company to create a plan of website risk management so that they can protect their valuable corporate data from attackers.
What impact BYOD has brought to security for organisation? Isn’t a challenge for organisation to have balance between security and productivity?
Today’s organisations are challenged more than ever to protect data and address compliance without disrupting employee productivity. The consumerisation of IT and “bring-your-own-device” policies have made it more challenging for IT to secure network access for mobile laptops, smartphone and tablets. Although traditional encryption software solutions attempt to address these needs, most are difficult to deploy and manage, lack scalability across platforms and reduce performance for users. For BYOD, the security software solution must give the control to protect the organisation from endpoint to datacenter to cloud. Organisation must be able to achieve most stringent compliance requirement.
What are the major technological trends are you noticing in the light of BYOD?
I certainly feel, companies are steadily realizing that they are not adequately prepared to deal with data breaches and cyber-attacks. To help the cause, they are outsourcing IT security to committed managed security service vendors to help implement preventative measures, boost incident response and monitor and regulate mobile devices. By 2018, Gartner expects more than half of organisations to use third party security firms to help manage their network infrastructure. As consumers become gradually dependent on devices for information gathering, social interaction and entertainment, cyber threats in the form of mobile malware and viruses will become a greater threat. Businesses will need to invest in antivirus services on their networks to secure against threats that can enter a BYOD environment.