Cloud Security: Perception VS Reality

WHITE PAPER: KVH Cloud Solutions Cloud Security: Perception VS Reality A breakdown of the top misconceptions enterprises are facing when assessing the security levels of cloud computing environments, and the realities behind them Table of Contents 2 Introduction 2 Perception 1: The cloud cannot be secure 2 Perception 2: Cloud computing is less secure than on-premise alternatives 3 Perception 3: Private Clouds are secure, Public Clouds are not 4 Perception 4: Compliance guarantees ssecurity 4 Conclusion 5 Appendix: Cloud Security Must-Haves 6 About KVH Copyright© 2012 by KVH Co. LTD All Rights Reserved. Not to be copied or reproduced without express permission of KVH Co LTD Page 1 of 6

Cloud Security: Perception VS RealityIntroduction to the kind of server being used and the network connecting their systems.Ranked as the top technology priority amongCIOs in Asia in the 2011 Gartner Executive For industries that need to align with specificPrograms (EXP) CIO Agenda Survey, cloud regulations, such as the financial servicescomputing has attracted significant attention sector, ensure your service provider not onlyas businesses are becoming keen to offers security services that meet theseunderstand how they can effectively standards by holding certifications in ITIL, ISOleverage these services at minimal risk and for 27001, and SSAE16, but is also experiencedmaximum benefit. With the continued growth enough through servicing other businesses inof online security threats and ways that these your industry to understand the role securitycan spread, security is repeatedly being solutions play in how your business functionsreported as a key concern among businesses and transfers data.when determining whether they should moveto the cloud and, if so, what kind of cloud Depending on the service and provider,solution they should be adopting. cloud computing solutions should be able to meet the security requirements of anyThis whitepaper aims to outline and verify the business from a technology perspective, astruth behind some of the common well as throughout their internal processes,misconceptions about security and cloud operations, and personnel.computing that can often deter businessesfrom adopting this evolving and potentially Perception 2: Cloud computinghighly beneficial technology. is less secure than on-premisePerception 1: The cloud cannot alternativesbe secure Reality: As cloud computing is strongly based on automated systems, it actually avoids theReality: Cloud environments can be highly common security breaches that occur withsecure and levels of security can be scaled to on-premise systems due to human errors.suit a business’ specific needs and existing ITsystems. Before implementing a cloud service, Also, outsourcing ensures that physical accessask the service provider what level of security to your servers is strictly monitored 24 x 7 bythey offer through public, private, or hybrid highly experienced professionals. Vendorscloud solutions, and how this differs according place high importance on these technologies, Copyright© 2011 by KVH Co., Ltd. All Rights Reserved Page 2 of 6

Cloud Security: Perception VS Realitystaff, and processes to ensure that their Reality: This perception is fundamentally builtcustomers’ data is kept secure at all times. A on the understanding that there are two kindssecurity breach can be just as detrimental to of cloud services. However, depending oncustomers as it is to their service providers, not the use of hybrid configurations, on-premiseonly due to the expenses of solving the issue hosting and colocation, dedicated serversand implementing new technology and and networks, VPS, and various otherprocesses where necessary to ensure the technologies, the security of a cloud serviceproblem cannot arise in the future, but also can significantly change. Just as a network orbecause of the significant blow to their server configuration can be tailored to meetreputation that can take months, if not years, certain business requirements, a cloudto earn back. environment’s security can also be customized to meet compliance issues andFor cloud computing service providers, this is other needs.a core part of their business, allowing them tomake expensive, long-term investments in For example, the use of dedicated VLANstheir security offerings to ensure they can would logically separate customersucceed in this increasingly competitive environments and provide security control atmarket by providing customers with the best layer 2. Intrusion prevention systems, Firewalls,services available. Furthermore, as more Encryption, Authentication, Authorization,businesses in the financial services sector are and Audit Trails provide the required securityadopting cloud computing solutions, service controls to protect your assets and data.providers are being forced to improve their Leverage your provider’s Professional Servicesstandards to meet the regulatory compliance to determine these details since, dependingand operational security needs of these on the equipment used and configuration, aorganizations, inevitably leading to an overall public cloud could be just as secure as arise in security standards across the industry. private cloud and, despite the perception, private clouds can have security weaknessesPerception 3: Private Clouds in their infrastructure or how they are managed.are secure, Public Clouds arenot Copyright© 2011 by KVH Co., Ltd. All Rights Reserved Page 3 of 6

Cloud Security: Perception VS Reality Example Use Case of a Closed L2 NetworkPerception 4: Compliance has been supplied. As well as assessing the actual solution being provided, ensure yourguarantees security provider’s certifications are up to date and that they regularly conduct internal andReality: A service provider’s certifications in external audits to maintain a high level ofITIL, ISO 27001, and SSAE16 should be security across their infrastructure, processes,thoroughly assessed to ensure the provider is and daily activities.adhering to their own industry standards aswell as your industry’s regulations and Conclusion:compliance requirements. However, it shouldalso be recognized that a service provider Despite the security concerns mentionedshould not be considered ‘secure’ merely above, more and more companies arebecause of their certifications. adopting cloud computing solutions to remain competitive and meet the evolvingThese certifications determine the standards a needs of their business and customers. Theprovider has met at a certain time, and do CIO Global Cloud Computing Adoptionnot necessarily ensure that these standards Survey of 2011 showed that two-thirds ofare being maintained after the certification organizations are planning or currently Copyright© 2011 by KVH Co., Ltd. All Rights Reserved Page 4 of 6

Cloud Security: Perception VS Realityadopting cloud computing, with 22% already measures deter you from leveraging thisin department and enterprise-wide highly valuable technology. Instead, assessdeployments. your business needs, the IT challenges you are trying to overcome, and your current ITWhen assessing the security of your cloud systems to ensure the right security solution issolution, do not let necessary security provided for you.Appendix: Cloud Security Must-Haves Certifications ITIL, ISO27001, and SSAE16 certifications for industry-standard processes, data center design, SDLC, operations, and maintenance Encryption Protects data from interception Firewall Provides access control filtering Authentication Ensures access to the system and data is only allowed to users who have been granted permission Authorization Ensures users can only perform actions that are permitted Auditing and Provides management teams with a clear window into what Reporting resources are being used by who and how Replication & Reliable backup and redundant systems support BCP and enable Redundancy fast data recovery when required Data Center Manages the physical access control of who has access to the Access Controls systems housing your data Copyright© 2011 by KVH Co., Ltd. All Rights Reserved Page 5 of 6

Cloud Security: Perception VS RealityAbout KVHKVH was established in Tokyo in 1999 by Fidelity Investments as a Japan focused IT /communications service provider. As an information delivery platform that allows enterprisecustomers to store, process, protect and deliver their vital business information, KVH offersintegrated cloud and network solutions that include infrastructure-as-a-service, managedservices, data center services, professional services, data networking, internet access, and voiceservices. KVH operates the lowest latency network in Japan, and with over 450 financial servicescustomers, is the leading provider of ultra low-latency network and proximity hosting solutions tothe high-frequency trading community in Tokyo and Osaka. KVH also offers low-latencyconnectivity services between major financial markets in the Asia/Pacific region and the USincluding Tokyo, Chicago, New York, Singapore, Hong Kong, Shanghai, and Sydney.More information on KVH can be found at www.kvh.co.jp/en/ Copyright© 2011 by KVH Co., Ltd. All Rights Reserved Page 6 of 6

Cloud Security: Perception VS Reality

by KVH Co. Ltd. on Jun 27, 2012

Accessibility

Categories

Upload Details

Usage Rights

Statistics