By 2015 the global cloud computing market will reach $121.1 billion. IDC says that businesses are more concerned about the risks involved-- including security, availability and performance--than with the benefits of flexibility, scalability and lower costs. According to a recent survey of more than 1,000 security professionals in the InformationWeek Analytics 2011 Strategic Security Survey, the cloud is here to stay, especially for small and midsize companies, and so, too, are concerns about cloud risk. The survey shows that the No. 1 worry is security defects in the technology used by cloud providers--that is, the virtual machines, networks and databases powering the services that are used.
That's followed by the second most pressing concern, unauthorized access to, or leakage of, customer data. In addition, respondents said they were worried that big cloud vendors like Amazon and Microsoft may significantly change their offerings without notice, and that could affect security controls and technology requirements.
The good news, says John Pironti, president of IP Architects, is that security professionals have been grappling with the issues poised by the cloud for decades. This is the third time the industry has had to deal with what he calls time slicing, and it goes back to the days when mainframes ruled the IT roost. "It started out with mainframes, and they did it better, but they didn't have the depth and breadth of applications we have today. In this case, we're using software ... where, with mainframes, [security] was designed in the hardware."
However, the problems are pretty much unchanged, he says, with one of the first goals of cyberterrorism being to attack communications. "The same fundamental attack and threat problems are the ones that will still get you. The adversaries are smarter, better, but they will follow the same basic approach ... follow the value."
While the human asset is your greatest asset, it's also your greatest adversary, says Pironti. "Most companies are having problems dealing with that trusted employee. ... It is a much greater threat than the external hacker."