Would your company be more likely to implement a Cloud solution if you knew it was secure? More importantly, what proof would be adequate to persuade you to adopt?
According to the upcoming Verizon 2014 Data Breach Investigations Report, the time it takes for an attacker to compromise a system in three-quarters of breaches is days or less, but less than 25% of breaches are discovered in days or less. If that 75%-plus failure rate isn’t alarming enough, then there’s the recent Enterprise Strategy Group survey of security professionals that found that almost half (42%) believe that keeping up with the latest threats and vulnerabilities is much more difficult or somewhat more difficult than it was two years ago.
Or how about security being the single biggest impediment to cloud adoption, according to Elad Yoran, CEO of security/encryption specialist Vaultive. All of the major barriers to cloud adoption have been addressed with one exception, security. Until that issue is addressed and enterprises can secure their data, even when it resides on systems they don’t control, they will be reluctant, and in some cases unable, to move to the cloud, he said.
“In 2013 enterprises got real about cloud computing. In 2014 we will integrate it into our existing IT portfolios whether IT likes it or not,” said Forrester Research analyst James Staten.
When this issue [cloud security] is addressed, we will see the floodgates of cloud open up, said Yoran. It will unleash billions of dollars in cost savings.
Unfortunately, security concerns aren’t restricted to just the bad guys. “Revelations on surveillance and data mining programs like the NSAs Prism have highlighted the risks that companies must come to terms with when their data is stored and processed in the cloud,” stated Yoran. “Whether its access to corporate data by the NSA or equivalent national security agencies outside of the U.S. and other U.S. federal agencies, or compliance with regulations that mandate data protection, businesses remain responsible for maintaining the privacy and confidentiality of their data.”
Staten said one solution is ‘bring your own encryption’. BYOE is a cloud computing security model that allows cloud services customers to use their own encryption software and manage their own encryption keys. This is going to be at the top of the security list for 2014 because of the whole NSA/Snowden data leak. We also expect in 2014 that other governments are going to get caught doing this [collecting data] too.
BYOE works by allowing customers to deploy a virtualized instance of their own encryption software alongside the business application they are hosting in the cloud. The business application is configured so that all its data is processed by the encryption application, which then writes the ciphertext version of the data to the cloud service provider’s physical data store.
It’s in the best interest of large enterprises that the data they have extreme concerns about would be a candidate for BYOE, said Staten. And there are multiple ways to handle encryption: