TMCnet News
Cloud more secure than on-premise IT, says PAC(M2 PressWIRE Via Acquire Media NewsEdge) London -- Cloud computing, long associated with security concerns, can be more secure than traditional on-premise IT systems, according to a new report by analysis and consulting firm Pierre Audoin Consultants (PAC). Rapid development in cloud-based security, including physical security within data centres, means that, for many firms, it is more effective and cost efficient to locate IT systems in the cloud than on on-premise equipment. CIOs and CISOs (Chief Information Security Officers) should consider the cloud for many of their IT systems, while for SMEs and local government PAC recommends that it should be the default architecture. Cloud computing has developed over the past two years to become at least as secure as on-premise IT systems, and is often much cheaper, according to a new report by PAC. Security is often regarded as an inhibitor to cloud adoption, said Duncan Brown, Research Director for Cyber Security at PAC and the reports author. But todays cloud-based security capability embeds state-of-the-art cyber and physical security that most company would find prohibitively expensive if implemented on-premise, he continued. The report, "Securing the Cloud: Approaches to protecting data in the Cloud, examines the various architectures for deploying cloud-based systems securely. It identifies three approaches to cloud-based security architectures, but notes that most organisations will choose to deploy a hybrid mix of all three. The three approaches incorporate embedded security in SaaS applications such as Box and Salesforce.com, as well as standalone security add-ons such as single sign-on (SSO) and proxy-based security brokers. The report states that cloud service providers (CSPs) were initially slow to understand the importance of security and associated privacy issues. This is especially the case in Europe, where cultural caution towards the cloud has been exacerbated by the revelations of Edward Snowden. In the original marketing hype surrounding cloud services, the physical location of the data was considered irrelevant. Enterprises were encouraged not to think or care about where that data was been held. We now know that this approach was mistaken enterprises really do care about the physical location and security of their data, and rightly so, says Brown. But in the last year PAC has noted a broad shift in CSPs marketing, positioning and product development strategies driven by two major trends. Firstly, security in the cloud is now a much more reliable and viable alternative to in-house security. Secondly, leading US-based CSPs are investing in their European credentials. Meanwhile non-US CSPs, particularly those headquartered in Europe, are making a virtue out of having datacentres based in Europe. There are good reasons to take a cloud-based approach to security. Cyber security is highly complex, requiring deep technical skills. It is therefore expensive, the cost being exacerbated by a global shortage of skilled professionals. There are five key - and interdependent - benefits to adopting a cloud-driven approach to security: * Regulatory compliance * Cost * Expertise * Governance * Simplification Most enterprises understand that they should never outsource security responsibility and governance. By using cloud-based security capability all they are doing is acquiring technology and skills more affordably. They still need to manage security processes, but engage specialist third-party suppliers to provide that capability. Brown advises that deploying cloud-based security merits a careful approach. Understand the cloud supply chain and use service level agreements that cover not only your direct suppliers but also any subcontractors that they use, he cautions. Organisations also need to review their security policies, argues Brown. Review your information governance policies when moving to the cloud, he says. Examine where you can achieve efficiencies by outsourcing to providers that offer out-of-the-box compliance from the cloud. More information about PACs recent cyber security research at: www.pac-online.com/cyber-security About Pierre Audoin Consultants (PAC) From strategy to execution, PAC delivers focused and objective responses to the growth challenges of Information and Communication Technology (ICT) players. PAC helps ICT vendors to optimize their strategies by providing quantitative and qualitative market analysis as well as operational and strategic consulting. We advise CIOs and financial investors in evaluating ICT vendors and solutions and support their investment decisions. Public institutions and organizations also rely on our key analyses to develop and shape their ICT policies. Founded in 1976 and headquartered in Paris, France, PAC is part of the CXP Group, the leading European research & advisory firm in the field of software and IT services. For more information, please visit www.pac-online.com PACs top analyst views: http://www.pac-online.com/blog Contact: Duncan Brown Director PAC UK Tel: +44 (0) 20 7553 3966 [email protected] Pierre Audoin Consultants (PAC) UK [email protected] . (c) 2014 M2 COMMUNICATIONS |