Public Cloud Security: Taking a Balanced ViewBy Tony Kontzer | Posted 2014-08-22 Email Print
WEBINAR: On-demand webcast
Next-Generation Applications Require the Power and Performance of Next-Generation Workstations REGISTER >
For many IT organizations, their resistance to adopting public clouds has given way to a more balanced perspective on the state of public cloud security.
There is one possible answer, he said: If Thomson Reuters started offering a SaaS version of Elite, the on-premise software Ward & Smith uses to manage its accounting system and several other functions, he'd be able to convince the firm to consider it. "Security with an established vendor we have a relationship with is not as much of a concern," he says.
Ask Providers Hard Questions
Regardless of the risk profile of the systems targeted for migration to the public cloud, companies should ask both themselves and their potential cloud providers hard questions about security before making a move.
For instance, 451 Research's Hanselman says it's critical to be clear about who controls the various pieces of the operational environment. What are they monitoring, and what are you monitoring? Perhaps even more important, he suggests, is that IT leaders take a hard look at their company's own security postures, especially in areas like identity and access management, and then plug any holes they find before undertaking any migration.
"Moving into the cloud will throw open curtains on a lot of insecure practices," Hanselman warns.
Saugatuck's Guptill, meanwhile, advises companies to be clear about what capabilities they need from the cloud, how much those capabilities will really cost, and how easily a cloud solution will be able to adapt to the business as it changes and grows. In other words, don't let it become a jarring leap into a new paradigm.
"Go task by task, workload by workload, step by step," he wrote.
The irony of this is not lost on Ward & Smith's Romano, who says that the cloud hasn't really changed that much in terms of securing IT systems. "This is stuff we all should have been doing anyway when the data was residing in our own data centers," he points out.