The security benefits of cloud computing

As cloud computing becomes the hot new market for IT vendors, observers have been quick to seize on the security risks of hosting data and applications outside the enterprise network.

That’s not surprising to Craig Balding.

“With any new technology, it’s easy for people to get excited about the risk,” he says. But Balding, a security practioner with a Fortune 500 company, blogger, and co-author of Maximum Security: A Hacker’s Guide to Protecting Your Internet Site and Network, believes there are also security benefits to cloud computing.

Most significant is the centralization of data, he says. “Large corporations have a problem with asset protection,” Balding says. That’s because there can be instances of the data in a number of places, including employee laptops.

“People with thick clients are bound to download files,” he says. And all too often, those thick-client laptops hold unencrypted data.

“If you combine cloud computing with thin clients,” which only hold small amounts of data in cache, there is less physical exposure to data leakage.

“I think the cloud providers have got an argument there,” Balding says.

Centralization means the potential for better monitoring, too. “I think you can do more sensitive monitoring (on a centralized data store),” Balding says. Whether the cloud provider will or not is another matter.

James Quin, research analyst with Info-Tech Research Group in London, Ont., agrees cloud computing offers some security advantages.

“The primary one is, you don’t have to do it yourself,” Quin says. Many companies, especially smaller ones, don’t have the wherewithal for a comprehensive security regimen. Who can afford 24-by-seven IT security staffing?

“(Cloud computing) offers security where you might not have had it before,” he says.

Quin says comparing how much inhouse security and what it costs for a company to the cloud model often reveals economies of scale for the provider model. “That definitely brings value,” he says.

Other security benefits of cloud computing stem from its virtualized nature, Balding says.

For example, logging often gets short shrift in terms of the data storage allotted to it. Cloud providers can automatically add as much memory as needed for standard or extended logging.

“It comes down to the on-demand nature of it, that elasticity of supply,” Balding says.

Another benefit to this dynamic scaling of computing and storage resources is felt in the incident response field, Balding says. A forensic server can be built online, costing next to nothing until it comes into use. And virtual machines can be easily cloned for offline analysis.

Many companies don’t have an inhouse incident response team, he notes. “Who’s going to do the incident response? The customer? The provider?”

Sloan says it’s important to get a service level agreement specifically regarding incident awareness and security responsiveness from the cloud provider.

Security vendors are re-architecting their products to reach inside the virtual machine, Balding says. Their long-term survival depends on watching developments in the cloud arena, he believes.

Since it’s easy to account for CPU cycles used when you’re paying for each one, the most efficient security software will have the advantage in the market, he says.

He also says that there’s an opportunity for new business models in cloud-specific security products and services.

“If someone really sat down and thought about it, there are huge opportunities for security,” he says.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Dave Webb
Dave Webb
Dave Webb is a freelance editor and writer. A veteran journalist of more than 20 years' experience (15 of them in technology), he has held senior editorial positions with a number of technology publications. He was honoured with an Andersen Consulting Award for Excellence in Business Journalism in 2000, and several Canadian Online Publishing Awards as part of the ComputerWorld Canada team.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now