Cloud lockdown
Fortinet's Paul Judd dispenses his final pearl of wisdom as CRN's guest blogger
There has been much talk of cloud computing and its next biggest challenge: security. Many IT managers are concerned about how to secure these virtualised environments, as operating in a cloud-based world inevitably creates more risks for data infection or theft than in traditional IT networks.
As companies offer cloud services such as storage for rent, software as a service, virtual IT and application hosting, they must be aware of the various pressure points in the data journey and the mechanisms available to secure data while it's stored or circulated in the cloud and when it's brought back to their client's network proper.
The most important thing resellers need to do is not to scaremonger, and instead constructively educate customers about the potential dangers of data stored in the cloud. There should be an access control security policy and some provision for DLP. Both will be critical to any compliance considerations that are impacted by a cloud strategy.
Another thing that has to be considered, is whether there is application content inspection for malware as data is being moved between the cloud and the network i.e., is encryption employed, and can data be scrubbed as it enters and leaves the network?
To that end, they also need to think about what happens on hardware and portable devices, and whether there are sufficient client security controls that ensures downloaded data does not leak into the network or back into the cloud. Once inside the cloud, their data has to remain malware-free, and that any co-located content is not infected by other people's malware. You don't want to find your most precious garment comes back dirtier than when it went in to be washed.
At the end of the day, customers want less complexity - not more. To confront the challenges as well as the opportunities of cloud, customers want enhanced speed and intelligence in their security infrastructures like they've never needed them before. That's the change we all need to embrace. After all, change always invites risk, which then has to be managed.
Paul Judd (pictured) is regional director for UK, Ireland and South Africa at Fortinet.
Read his thoughts all this week on Views from the Channel.