printer friendly version

The cloud security debate

Security is probably the biggest bane in an IT professional’s life, particularly in light of the number of high profile hackings that have taken place over the past few of months. Security breaches seem to be growing in both frequency and stature and this creates concern for any organisation.

Cloud computing and virtualisation are taking global markets by storm, but there are a number of concerns relating to security that are preventing organisations from fully embracing these technologies. “Companies are often nervous about cloud computing and the security of their data in the cloud, particularly in light of stringent corporate governance rules,” says Lizelle Christison, exhibition manager of IP EXPO at Montgomery Africa. “One of the major concerns is the lack of clarity around who is ultimately responsible for the security of their data once it has been moved into a cloud environment. Other concerns include confusion around the legalities of where the data is hosted and a general sense of loss of control over a company’s information, effectively the life-blood of their organisation.”

Lizelle Christison

Cloud computing services are generally delivered in three different models, namely Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) or Infrastructure-as-a-Service (IaaS). “The first two models typically place responsibility of data security on the shoulders of the service provider as they own most of the IT and security stack.”

Infrastructure-as-a-Service on the other hand lends itself more toward shared responsibility. “Here the service provider will provide some level of baseline security such as firewalls and load balancing, but the responsibility of securing the individual organisation’s data generally falls with the enterprise.”

This adds a new level of complexity to the negotiation of terms and agreements between organisations and their cloud service providers. “It is critical that terms and conditions of CSP agreements are carefully negotiated and checked to ensure that responsibilities in terms of security are adequately understood and met,” says Christison. Enterprises should also investigate additional security measures for their data in the cloud.

Security is one of the key issues that will be discussed at this year’s IP EXPO, taking place on 15 and 16 November at Sandton Convention Centre. “Security is one of the underlying themes that runs across the three seminar streams – IP Networks, Virtualisation and Cloud Computing – and will therefore come under scrutiny from a number of angles,” Christison concludes.

Hi-Tech Security Solutions is hosting a Security Debate on Day 2 of the IP EXPO, where a number of these issues will be debated among leaders in the security industry.

For more information, visit www.ipexpo.co.za

Share this article:

Further reading: