Cloud computing will result in an improvement in security defences

(13/07/2010)

According to a recent poll, over half of organisations believe that cloud computing will result in an improvement in security defences according to a poll from 360°IT, a fifth thought there would be no improvement and a quarter of organisations said that it will be detrimental.

Richard Hall, CEO of CloudOrigin, claims that the current trend of businesses migrating their IT systems into the cloud does not mean a reduction in security defences.

Far from it, says Hall, who, after more than 20 years in the IT business, has concluded that cloud technology actually raises the industry's game on the security front. "After decades performing forensic and preventative IT security reviews within banking and government, it was already clear to me that the bulk of security breaches and data losses occur because of a weakness of internal controls," he said in his 360°IT blog post.

According to Hall, the complete automation by public cloud providers means the dynamic provision, use and re-purposing of a virtual server occurs continuously within encrypted sub-nets. The process, he says, occurs out of sight of operations staff and without any of the manual interventions that might introduce unintended weaknesses.

"That's why solutions built on commodity infrastructure provided by the likes of Amazon Web Services have already achieved the highest standards of operational compliance and audit possible - for example in healthcare (HIPAA), credit cards (PCI DSS) and audit (Sarbanes Oxley, SAS70)," he explained.

Citing the example of Easyjet and how the successful airline has harnessed the application integration security benefits of Windows Azure at the platform as a service (PaaS) level, allowing the company to move its airline management systems into the cloud, the CloudOrigin CEO said the airline has effectively reduced its security exposure and increased its resilience as a result.

Other organisations that are drawing on the security benefits of the cloud include the RNLI, whilst the Cloud Security Alliance is bringing together users, vendors and consultants to formulate and share best practice.

Hall says that, as the CSA's executive director Jim Reavis announced to a packed room of IT security experts in London, work is now under way on cloud security controls, governance issues and many other issues. Also in the pipeline, he added, are a series of interoperability standards and audit guidance, as well as individual accreditation for practitioners. You can therefore, he says, expect to see more high-profile cloud solutions as a result.

Related topics:  Data management and data security   Internet and Web security 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources