HP Inform

Creating clouds that protect your business

In our 2011 Insight piece on cloud computing, we quoted a call to action from analyst group Gartner. It stated: “The significant benefits of agility and cost savings delivered by cloud computing are too compelling to ignore. Forward-thinking enterprises are answering the questions of cloud computing not with an if, but with a when.” One year on and that statement is, if anything, more compelling and more urgent.

The economic arguments for cloud have intensified as the Eurozone crisis continues to strangle recovery, particularly in Europe but also across the world. Embattled CIOs are feeling the impact of the global downturn through squeezed budgets and the expectation to deliver tighter IT efficiencies within those budgets. And the solution is increasingly found in the cloud – but not necessarily by those with security in mind. This remains the main challenge of cloud computing: how to ensure that the use of the cloud is secure, especially when functions are outsourced to third-party cloud providers.

According to a survey by analyst group IDG, more than one-third of IT budgets are now spent on cloud-based computing. However, the report makes clear that the decision to move to the cloud isn’t about cost alone; it’s part of a shift in overall IT strategy. According to the survey, one-fourth of respondents believe cloud will play a critical role in shaping future business strategy. It also says that cloud computing is likely to grab a larger slice of IT budgets in the next few years, stating: “Close to two-thirds of companies expect to increase cloud spending in the next 12 months. On average, organizations will increase cloud computing spending by 16%.”

However, while the business and economic imperatives for cloud are stronger than ever (and driven by anxious CEOs), the security concerns that we highlighted last year have not gone away for the CIO or CISO. If anything, they have increased.
This is due to the global increase in cyber criminal activity and the introduction of new data compliance laws around the world, such as the EU Privacy Laws governing the use of cookies on websites (see resources below).

To reiterate, the prime security concerns are mostly around loss of control and visibility – something CISOs tend not to like. This manifests itself in:

– Lack of clear data ownership
– Unauthorized data uploads and downloads to and from the cloud
– Lack of compliance with various governance laws across different regions
– Basic trust issues with partners and customers using cloud to store and transmit business data

Another security concern often overlooked in discussions about the cloud is the emergence of cloud-based consumer apps such as Google Docs, DropBox, and others. Employees are increasingly using these to process corporate data on mobile devices – often without authorization. This is where consumerization and the cloud meet.

Even within the enterprise, another cloud risk has started to pose problems. The availability of cheap “off-the-shelf” cloud resources such as Amazon Web Services has given rise to employees setting up unauthorized and temporary private clouds for special projects, often with little thought for security policy or processes.

As IDG has found, more and more corporations are turning to the cloud by increasing the proportion of their IT budgets spent on cloud infrastructure. It is then imperative that the CIO and CISO focus on this shift and position themselves at the head of the revolution and not at the back chasing, desperately plugging the security gaps afterwards.

One year on and the advice on getting ahead on cloud security remains the same – but the processes urgently need to be put in place. So there still has to be an intelligent and sequential shift to the cloud.

Issue number 8

So the message to information leaders in 2012 is that it is now virtually impossible to resist the shift to the cloud. It is the future for both technological and budgetary reasons.

Many enterprises are thus experimenting with a “hybrid” delivery model that engages with external cloud providers, internal private clouds, and existing IT architectures. Any reputable cloud provider or consultancy should fundamentally recognise this and be able to provide the support and knowledge to enable the customer to perform a cloud risk assessment, either in partnership or via in-house resources.

The importance of a risk-assessed and quantified shift to an ongoing existence in the cloud cannot be over-emphasized. HP has a new cloud readiness tool that enables CISOs and CIOs to determine their own roadmap for adopting and securing the cloud (see Resources below).

It is vital that individual enterprises get the cloud services that are appropriate to the market sector, existing IT policies, and the kind of data central to the business. Financial services and retail public sector organizations such as hospitals, for example, need more stringent controls on the use of cloud than other industry sectors. Such risk-averse organizations need a cloud delivery model that meets their risk position head on. In the push to the cloud, a “one size” cloud does not fit all, and working with a trusted and experienced provider should factor in this equation.

Gradually the industry is starting to classify and accredit cloud-based services to deliver such trust. One such device is the Cloud Security Alliance Security, Trust, and Assurance Registry (CSA STAR). CSA STAR is designed to index the security features of cloud providers using a 170-point questionnaire that users are then able to peruse (see Resources below). HP is fully committed to supporting this initiative for its cloud-based services.
Even if a chosen provider has not yet joined this initiative, the questionnaire serves as a useful device to challenge and rate potential cloud providers. If a cloud provider cannot guarantee its security framework across its services, then it would be better to look elsewhere.

The advantages of the cloud are too good to ignore – cost efficiencies, faster ways of working and business agility – but the security of enterprise data is too important to ignore if businesses are to avoid brand damage and financial penalties via data loss in the cloud. A joined up and trusted partner approach to adoption of cloud remains the only way to marry these two.

Like any advanced secure business thinking, cloud can only deliver its commercial advantages when adoption follows a risk-based approach that delivers the technical and business solutions that will benefit the enterprise. This is an important message to take to the board.

And finally, like any IT model, cloud computing must ultimately serve the enterprise, its employees, its partners and most of all its customers within a secure business environment.

Resources

– ICO Guidelines on EU Privacy Laws: http://bit.ly/eQZtln
– HP Cloud Readiness Scorecard: http://bit.ly/bnkq4z
– CSA STAR: https://cloudsecurityalliance.org/star/
– HP Converged Cloud Management and Security: http://bit.ly/UxXlbm