Does hybrid cloud mean fragmented security?

Richard Eglon looks at the question of boosting security across hybrid cloud offerings in the wake of comments made at GigaOM

At the recent GigaOM event in London, the world's greatest innovators and supporters of cloud computing came together to discuss its future.

One participant, Harish Rao from Capgemini, told a workshop audience that the cloud bandwagon has passed, and that the future is all about predicting what is needed in business and finding workable solutions before issues arise.

Rao earned his stripes in the area of cloud computing through his position as a board director with the Open Data Center Alliance, an organisation that drives the enterprise-ready cloud and comes up with usage models for the world's businesses.

One of cloud's potential future problems plagues IT systems every day, and that is the issue of security and who's in charge of that. The answer for many in the cloud space is hybrid cloud, which mixes private and public storage offerings for businesses. This trend is taking off, and some of the biggest companies are championing this environment.

A good example in my view is Microsoft's new deal with AT&T, where the telco's customers will get VPN access to Microsoft's hybrid Azure cloud platform. Microsoft claims that nearly 70 per cent of businesses will use some kind of hybrid model by 2015.

The software giant is not the only hybrid champion. VMware is taking on Amazon with a new hybrid cloud that offers automated virtualised datacentres that require less maintenance and which supports computer services that are largely independent of specific hardware and software requirements.

Indeed, there are many cloud partnerships being forged around the world, but does this mean the cloud will be a safer place for data?

Security is one of the driving reasons for people to move towards hybrid spaces, but the transition can cause real headaches. If data is stored in two different environments, they more often than not have different security policies that need to be reviewed and enforced.

Once public and private cloud overlap, regulation of the requirements becomes more difficult. The one that's public will be in the hands of a third party. Is that third party trustworthy with data? Does it adhere to the necessary industry standards?

Enterprise-cloud resellers are trying to address the issue by building data storage sites near where the customer's business is based. This takes care of data residency, security and piracy issues – or at least gives businesses the impression they can manage potential problems through being physically closer to the data.

The reality is that most data stored in a public cloud isn't in fact highly sensitive or worth stealing.

Most companies are also encrypting data for both the public and private cloud to offer that extra layer of security.

The biggest threat to cloud security will always remain the insider, someone working for or at the company – an employee who wants to steal data before going off to work for the competitor, or the disgruntled systems administrator who decides to plant a virus on everybody's computer as his role is about to be outsourced.

I believe that more than 90 per cent of the greatest risks to data come from the inside, not the outside, of a company. And in those types of instances there are often no effective prevention measures.

The only thing companies can do is enforce a strict security policy that must be complied with by everyone, and maybe then hybrid cloud will deliver increased security for the masses.

Richard Eglon is marketing director at Comms-care