Reaching For The Cloud Wp101366


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Reaching For The Cloud Wp101366

  1. 1. Market Pulsereaching for the Cloud It leaders cite benefits, downplay security as they move applications to the cloud. Will security worries be the undoing of cloud adoption? Not likely, given other, more pressing threats like device theft, mobility and IT consumerization. And with new technologies able to mitigate the real and perceived risks inherent in hybrid clouds—the combination of internal and external services—IT leaders say they see opportunities to up the ante on security for greater end-to-end protection. “It’s possible to do as good a job securing the cloud With advantages to both approaches, a hybrid cloud as the local infrastructure, but it is more likely that strategy is increasingly becoming the preferred option. someone else has better economies of scale and In fact, 47 percent of those surveyed by IDG are using the specialization needed to help do it better than at least one application and/or a portion of their com- you ever could,” says Chris Shull, director of informa- puting infrastructure via a hybrid cloud model, while tion technology for the Jewish Federation of Greater another 53 percent plan to do so in the future. Philadelphia. Those users confidently point to the top-line gains IDG Research Services recently conducted an online from hybrid cloud deployment, including greater survey of 122 business and technology leaders across market flexibility, improved business continuity and a range of industries to gain a better understanding of innovation, superior customer service, a stronger cloud security trends. Among its conclusions: competitive edge and expanded revenue opportunities. n Security for the cloud is a concern, but it is not as They also cite bottom-line efficiencies such as reduced troubling as other data threats. resource waste and savings on the CapEx front (see figure 1).“My executives are thrilled to have more n Nearly half of those surveyed use or plan to use features and capabilities, greater accessibility and bet- a hybrid approach to managing security for cloud ter security, all at a fraction of any reasonable cost one environments. could put on in-house systems,” Shull says. n A number of technologies are being deployed to ad- Still, many IT professionals are reluctant to relinquish dress security concerns, including integrating the exist- management responsibility to outside parties. “Hybrid ing security infrastructure into cloud environments. cloud implementations effectively straddle internal and public infrastructures, and can introduce complexi- Embracing the Cloud ties,” says Martin Capurro, director of Applications and IT service models are evolving at record speed, though none faster than cloud computing. CIOs everywhere say they are considering the merits of the cloud com- pared to traditional on-premise delivery. Specifically, they say, cloud models enable enterprises to leverage third-party expertise and more attractive economics, while on-premise services offer greater control. WP101366 12/10
  2. 2. Market Pulse Benefits of a Hybrid Cloud Approach survey respondents considering cloud security to be a significant risk. Seventy- Greater flexibility to react to changing market conditions 51% five percent consider lost or stolen devices Reducing resource waste 48% to be a significant security risk, 65 percent fret about IT consumerization, and 56 Enabling business continuity 47% percent worry about mobility. Savings on CAPEX 43% All said, only 40 percent of the technol- Enabling innovation 37% ogy and business leaders surveyed are Improving customer support or services 34% extremely or very confident that their Gaining a competitive/ 25% security infrastructure is prepared to pro- information edge tect data in the cloud. And that has themExpanding revenue opportunities 19% weighing their cloud security options: Is it Other 8% better to own all aspects of security or to Don’t know 3% Source: IDG Research, October 2010 outsource the whole function? On-premise implementations offer a single security au- thority, more control over data protection, full visibility into one’s risk and compliance Infrastructure Solutions for Qwest, a network services posture, and less complexity. Managed services, on the provider based in Denver. Working with two separate other hand, release CIOs from the financial and man- infrastructures, CIOs must coordinate efforts, commu- agement burden of in-house solutions while enabling nicate and even share data with their cloud provider. them to leverage the security resources and expertise What’s more, today’s fluid perimeter—pocked with of a third party. mobile devices and social networking sites—becomes “In biology, hybrids are often bred to gain the best harder to monitor in a hybrid environment. features of multiple breeds,” Shull says. “So is the ad- vantage of combining multiple technologies to ensure Sorting Out Security better security.” Some 45 percent of the survey respon- Those issues eventually give way to the nagging dents agree, indicating they prefer a hybrid or mixed security concerns in the cloud, the greatest of which approach to cloud security. With a mixed security is the protection of sensitive data. Survey respondents model, CIOs can maximize the advantages of managed are most focused on preventing data leaks, setting and security services while maintaining control over their maintaining security policies, managing data access, critical data protection strategy. preventing intrusions and maintaining compliance (see figure 2). And those risks can be compounded by a Outsourcing to a third party can also be an afford- dual environment. “A threat in one environment could able way to add security capabilities when budgets permeate the other,” explains Troy Herrera, enterprise are tight. Of course, there may be challenges in terms marketing director for Juniper Networks, a network of visibility and the ability to enforce security; but, infrastructure provider based in Sunnyvale, Calif. A by working together holistically, communicating, col- hacker who gains access to a cloud application, for ex- laborating and sharing reports, the internal-external ample, could make his way into the enterprise network, partnership can prove very beneficial. while an error in access control rights on the corporate network could affect cloud application security. Integrating Internal with External Yet the security of the cloud does not appear to be “A service provider can complement what you’re doing as pressing as other threats, with only 49 percent of and even enhance protection,” Herrera explains. “The 2
  3. 3. Market Pulse Cloud Security Concerns to extend the network into the cloud.” Of course, the networking component is still Preventing data leaks 61% evolving. Today, it’s all Internet-based, butSetting and maintaining security policies 56% eventually the cloud will be delivered on different fabrics, such as Ethernet. That Managing access to data 54% will enable technology leaders to create, Detecting/prevent intrusion 52% deploy and manage their infrastructure as Keeping compliant with data retention 52% they have in the past, and thus maintain laws and regulations the desired level of security, performance Encrypting data 49% and control over operations. Backup and recovery 49% It’s equally important to establish process Detecting/prevent viruses and spam 48% integration. Setting up procedures by Managing patches 36% which partners can share reports and logs is critical, as is agreeing to common Source: IDG Research, October 2010 escalation procedures, security policies and compliance milestones. key is to implement the proper security measures with Still, some level of separation can be advantageous: the goal of achieving end-to-end security, and to be “Keeping the multiple parts of our hybrid and multilay- cognizant not to weaken security along the way.” ered defenses disconnected adds important indepen- dence and resiliency to them,” Shull says. One of the IDG survey respondents concurs, advis- ing that CIOs “start by extending existing capabilities into the cloud.” Security has long been integral to Investing Wisely As for specific technology integrations, CIOs have internal infrastructure, and those investments should zeroed in on the most pressing hybrid cloud security be expanded into the cloud. Some 82 percent of concerns. Most respondents—about 80 percent—say respondents agree, saying interoperability with existing they have already implemented anti-virus, spyware, security solutions is very important. spam filters and VPN technology. Web filtering, intru- Many security solutions can work together, whether sion detection, network access control and firewalls on-premise or in the cloud, Herrera adds. For example, are nearly as popular (see figure 3). “These core tech- an in-house network access control solution can nologies have been part of IT for a while,” Herrera says. identify users by communicating with an outsourced “Now CIOs need to focus on upgrades to accommodate VPN. A Web services application secured in the cloud the changing environment and performance shift that could store underlying data in an internal SAN. And a come with cloud infrastructure.” service provider offering can federate with the internal New technology investments are critical as infra- environment to protect and enforce identities. CIOs structure becomes more complex. The top priority for just need to coordinate with their vendors to ensure 50 percent of respondents going forward is security interoperability. incident and event management (SIEM), which offers Part of that process, Capurro suggests, involves inte- crucial visibility into event anomalies and provides a grating core infrastructure elements with the cloud centralized portal in which to view logs. Data loss pre- environment—including the network. In fact, one vention and identity and access management (IAM)— respondent cautions technology leaders to “make sure which can work in conjunction with one’s NAC solution that the hosting provider has a clear strategy for how to protect data and enhance access control—were also 3
  4. 4. Market Pulse cited as likely investments in the coming year. A Few Words from Capurro believes IT professionals should put more Your Peers stock in service level agreements as well. Cloud envi- ronments must provide not just scale and flexibility, but The right approach to securing a hybrid cloud also performance assurance, including speed and avail- infrastructure can quickly dispel any lingering ability. Application performance management solutions doubts about data protection. Some of the IDG can supplement those agreements and give CIOs the survey respondents offer the following advice: visibility they need to monitor platform performance. Do the proper planning. “Understand your Provisions must be made for data portability in terms company’s current needs as well as those for of moving and retrieving data. the next five to 10 years. That will save you time and effort as well as money,” says one respondent. CIOs are advised to take their time The Bottom Line and think holistically. Others suggest engaging Since moving certain critical business applications, in a third-party security audit, site inspec- including e-mail, to the cloud, Shull says he is “enjoying tions, penetration testing and piloting before better security” than he could provide in-house. The deploying any solution. And always read the IDG survey respondents already using cloud services fine print, they say, especially in service level agree: They expect hybrid cloud implementations to agreements. enhance security through improved service perfor- mance, 24/7 support, higher levels of expertise, a reduc- Shop for the right partner. “The cloud is as dan- tion in dedicated security staff resources and lower gerous as posting your data to Facebook if you have not done a security review of the cloud security management costs. vendor,” warns one respondent. CIOs should So can CIOs really trust the cloud with their most criti- make sure they know who they are dealing cal data? “Absolutely,” Herrera says. “You just have to with. Understand not just the vendor’s security be smart in its management.” So go ahead and reach practices and infrastructure capabilities but for that cloud—and its silver lining. also their long-term plans and financials. Partners should be well rounded, with multiple offerings and expertise in transport as well as About Juniper Networks security products. Juniper Networks is in the business of network innova- tion. From devices to data centers and consumers to Choose solutions carefully. “Use only trusted cloud providers, Juniper Networks delivers the software, solutions,” advises a respondent. When it silicon and systems that secure infrastructure and trans- comes to infrastructure, CIOs must evaluate form the economics of networking. For more informa- an offering’s scalability and performance. Establish a “trust zone” for data protection, tion, visit ( and inspect data center facilities. Technology solutions should be geared toward longevity— About Qwest consider open-standards approaches to Building on unparalleled network services, Qwest helps ensure interoperability with new technolo- businesses leverage existing and emerging technology. gies. Look for manageability and operational In addition to services utilizing over 173,000 network simplicity. And whenever possible, strive to miles, Qwest has technology and expertise that extends consolidate multiple security solutions onto a to broader applications and technologies. For more single platform. information, visit ( solutions/why-qwest/list.html4