Welcome!

@CloudExpo Authors: Elizabeth White, Pat Romanski, Yeshim Deniz, Zakia Bouachraoui, Liz McMillan

Related Topics: @CloudExpo, Microservices Expo, Agile Computing, Cloud Security

@CloudExpo: Blog Post

Are Security Concerns Over Cloud FUD or for Real?

How to do security benchmarking of vendors before evaluating them on cost

Popular British security blogger Graham Cluley made a pretty interesting statement recently. In a chat with Computing.com, Cluley said that businesses that are flocking to the cloud in herds today should stop and replace all instances of the word "cloud" with "somebody else's computer" to really understand the implications of their actions. I call it interesting because while I am personally an advocate of cloud computing, Cluley's statement drives home the point about the consequences a business might face if they do not perform due diligence.

The security concerns surrounding the cloud are not FUD. They are real and have to be taken seriously. Without a proper cloud strategy in place, businesses that rely completely on a third-party service provider run the risk of losing confidential and valuable business data. According to GigaOm Research, 75% of businesses reported to have implemented some form of cloud at their work place. Given this huge shift towards the cloud, it is imperative that these businesses are fully aware of the potential security concerns in order to be prepared with contingency plans.

In my experience, the reason this is such a hotly-debated topic is because most businesses see cloud migration solely as a cost-saving exercise. The various alternative cloud service providers are evaluated solely on the basis of cost with little to no benchmarking done on other aspects, including security. One of my clients told me that the reason they did not bother to do this was because the said service provider also owned the accounts of his competitors; which means if they go down, the others go down as well which will somehow retain his businesses' share in the market. Regardless of what happens to your competitors, potentially losing your own business data is no joke.

That is why it is necessary to critically examine your alternatives while picking a service provider. I personally go through two levels of security benchmarking:

First Level - Hygiene Benchmarking
There are some things that a service provider must provide. For instance, they need to offer user authorization controls, data transmission security layers, disaster recovery, etc. These are the basic minimum that any service provider must deliver - they do not deserve your business if they cannot offer you these features. For the record, if cost was your only benchmarking parameter, a number of providers who get weeded out in this level might be in the running for your business.

Second Level - Security Features Benchmarking
The objective of the first level is to mainly remove providers that do not have even the minimum security features that cloud computing require. The second level is where the actual benchmarking of features happen. Here, I compare the various security features that independent vendors offer. Again, I divide the features offered into two segments:

A. Mandatory Features: Some features, though not evaluated in the hygiene benchmarking, are deemed mandatory. For instance, one of the key features that cloud vendors ought to provide is data backups. Service partners for products like NetSuite provide multiple levels of back up features like offsite backup, hot backups besides redundant systems which make data protection as fool-proof as possible.

B. Optional Features: As the name suggests, these are features that do not have to be there. But if these features can help you enhance your product or help improve efficiency, then they are a bonus addition. An example of such a feature would be a security breach report.

A benchmarking report done through the process detailed above will give you an idea of how the various providers differ on the aspect of security. This is basically the first step in evaluating alternatives. Evaluating the vendors on the basis of other aspects like cost and customer support are secondary are to be done only after these products have passed the security evaluation.

Data is crucial for any business. By evaluating vendors simply on price, businesses often fail to acknowledge the importance of data to the success of a business. With the proliferation of cloud based businesses it is high time, IT decision makers realize this and evaluate the security of their business data.

More Stories By Harry Trott

Harry Trott is an IT consultant from Perth, WA. He is currently working on a long term project in Bangalore, India. Harry has over 7 years of work experience on cloud and networking based projects. He is also working on a SaaS based startup which is currently in stealth mode.

CloudEXPO Stories
"Cloud computing is certainly changing how people consume storage, how they use it, and what they use it for. It's also making people rethink how they architect their environment," stated Brad Winett, Senior Technologist for DDN Storage, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Sold by Nutanix, Nutanix Mine with Veeam can be deployed in minutes and simplifies the full lifecycle of data backup operations, including on-going management, scaling and troubleshooting. The offering combines highly-efficient storage working in concert with Veeam Backup and Replication, helping customers achieve comprehensive data protection for all their workloads — virtual, physical and private cloud —to meet increasing business demands for uptime and productivity.
While the focus and objectives of IoT initiatives are many and diverse, they all share a few common attributes, and one of those is the network. Commonly, that network includes the Internet, over which there isn't any real control for performance and availability. Or is there? The current state of the art for Big Data analytics, as applied to network telemetry, offers new opportunities for improving and assuring operational integrity. In his session at @ThingsExpo, Jim Frey, Vice President of Strategic Alliances at Kentik, discussed tactics and tools to bridge the gap between IoT project teams and the network planning and operations functions that play a significant role in project success.
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In their Day 3 Keynote at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, and Mark Lavi, a Nutanix DevOps Solution Architect, explored the ways that Nutanix technologies empower teams to react faster than ever before and connect teams in ways that were either too complex or simply impossible with traditional infrastructures.
According to the IDC InfoBrief, Sponsored by Nutanix, “Surviving and Thriving in a Multi-cloud World,” multicloud deployments are now the norm for enterprise organizations – less than 30% of customers report using single cloud environments. Most customers leverage different cloud platforms across multiple service providers. The interoperability of data and applications between these varied cloud environments is growing in importance and yet access to hybrid cloud capabilities where a single application runs across clouds remains elusive to most organizations. As companies eagerly seek out ways to make the multi cloud environment a reality, these new updates from Nutanix provide additional capabilities to streamline the implementation of their cloud services deployments.