By Tanu Sood-Oracle on Apr 22, 2013
As we talk to organizations around the world, it is clear that most consider Cloud as the biggest opportunity today to reduce cost. To any organization, cloud offers numerous advantages – business agility, reduced operational costs, scalability, improved performance and more. With cloud deployments ranging from private to hybrid to public, the scale of benefits vary but so do the risks.
Going up the cloud continuum from on-premise to private to hybrid and then public cloud, IT’s control and visibility into security policies decreases.
Private clouds give organizations greater control over security and data privacy, compliance, and also quality of service, since private clouds can manage network bandwidth and implement optimizations that public clouds don’t allow. But much like your enterprise, risks arise from privileged access and insider threats. In the public cloud, policies are managed by an outside 3rd party which is the cloud service provider. A shared environment in the public cloud also causes security and compliance concerns. A hybrid cloud, by its very definition, encapsulates both the benefits and the risks of both the private and public clouds.
As we move through the spectrum, security policies get more and more fragmented as we duplicate policy data in multiple places. Consequently, latency also increases and risk increases exponentially. Add to that the compliance and governance issues and it is no wonder that Security continues to be the #1 barrier in cloud adoption. In fact, according to the “Private Cloud Vision vs. Reality”, InformationWeek Report, 2012, 82% of organizations say security and data privacy concerns are one of the main reasons they are phasing out, or have decided to not use, public cloud.
So, where best to focus your efforts so as to leverage cloud without risking security? A recent CSO Online survey of Chief Security officers found that the top 5 security concerns for cloud were all related to mobile data access, regulatory compliance and managing access to the data and the applications i.e., Identity Management.
Organizations that move applications into the cloud have to bridge the gap between the enterprise and the cloud by providing standardized security framework around data security and application access. Take some time to watch this brief screencast and learn how you can manage security risks, address governance issues while unlocking the full potential of the cloud.