Asia's Source for Enterprise Network Knowledge

Sunday, June 25th, 2017

Security

Why service providers can help allay public cloud fears

This year, spending on IT infrastructure for public cloud deployments will regain double-digit growth after a slowdown in 2016, according to forecast from the International Data Corporation (IDC).

The research firm also predicts that public cloud data centers will account for 80.4% of the $47.2 billion to be spent on off-premises cloud IT infrastructure in 2021, and 60.5% of the US$41.7 billion to be spent worldwide on IT infrastructure products for deployment in cloud environments this year.

"Growing demand for access to agile IT resources and proliferation of next generation workloads will continue driving adoption of cloud-based services,” said Natalya Yezhkova, research director of Storage Systems at IDC.

However, massive data breach incidents such as those reported by Yahoo in September and December last year that involved at least 500 million and 1 billion user accounts respectively, have shaken confidence not only in the company but also in public cloud services. Such incidents perpetuate organizations’ view of IT security as the top barrier to cloud adoption.

Hence, nearly 75% of ASEAN small and medium enterprises polled in study last year felt that their data was most secure when under their own IT department rather than under a cloud service provider (CSP). Even so, adoption of cloud security services continues to grow at unprecedented rates.

Caution and confidence

At a recent Singapore Computer Society conference, industry experts noted that with increased digitalization, more companies are leveraging the cloud to not only boost efficiency but also manage business continuity. And with more companies adopting cloud-based services, the Infocomm Media Development Authority hopes to ensure a robust cloud environment by working with industry players in areas such as cloud security and handling of cloud outages.

Mike Vizard, who blogs for Intronis solutions by Barracuda, cited a recent survey by Crowd Research partners that highlighted organizations’ top cloud security concerns: Protection against data loss, threats to data privacy, and breaches of confidentiality. And the single biggest security management headache that organizations have is the lack of visibility into cloud infrastructure.

Strikingly, Yahoo aside, after a decade of cloud computing, no major breach has occurred on leading cloud platforms such as Amazon Web Services, Microsoft Azure, Google Cloud Platform or any number of software-as-a-service (SaaS) application providers. Vizard noted that “while there have been some major breaches, virtually none of them have involved a provider of a cloud service being used to deliver application services.”

Hence, despite some IT professionals’ reluctance to use cloud services for fear of losing the control they need to manage security or losing their job altogether, these services are not going away anytime soon. And while IT security tools continue to evolve and mature, IT professionals’ focus must be on finding ways to harness the expertise and resources of CSPs to boost cost-efficiency and security for all workloads in their respective companies.

Cloud-augmented IT

This requires IT organizations to rethink security and learn to augment their capabilities with those of the CSP and the vendors to provide better security than could be done before on premises. Security vendors like Barracuda, and the CSPs that implement their solutions, employ the very security experts that companies struggle to find.

“By and large, the providers of cloud security services have shown by the test of time that their security is as good or better than what most internal IT organizations could do on their own,” Vizard said.

For example, Richard Rushing, chief information security officer at Motorola Mobility, was quoted in a blog post as saying, “The experience from a vast majority of cloud service providers is greater in sum than the experience you have on your own team and data infrastructure provider.”

Companies gain more tools and greater visibility on their cloud data. “[Enterprises] want to have these things, and I think probably that was why clouds were so scary to so many people,” Rushing added. “Originally, it didn’t have that visibility, but now you can get almost identical visibility that you can get on your local network.”

For this reason, Barracuda provides customers with end-to-end visibility for granular control and greater insight into workload security. Controls around logging and identity and access management controls enable companies to enforce security policies, regardless of where the data and infrastructure reside, even if they’re in the public cloud.

This is a QuestexAsia feature commissioned by Barracuda Networks.