Those being attracted to cloud computing and those running away from it have the same reason to justify their action, says Aneesh Dhawan, Regional Manager – VMware India (North & East)
A survey says the main reason people adopting cloud computing is security, and ironically, this is also the reason for people not adopting it. The fact remains that nothing different has happened from the security point of view, and threats continue to exist in the physical world to the virtual world to the clouded world, if I may put it like this.
However, one thing has happened for sure: the exposure of data was less when limited to an organisation, but after moving to the cloud, the surface area has increased and so has the exposure level.
The survey said that the people who opted for the cloud felt that their service providers are fairly competent, and the ones who did not, said a lot needs to be done. And, as for the cloud service providers, they asserted that security is never enough, and that it is defined by the requirements of the customers they carry. Moreover, the threats perceived change from the way you consume services. A survey of the cloud network available worldwide by Cloud Security Alliance threw up nine threats, of which two are the major ones.
One of those is the insufficient knowledge of the person who will have the cloud as a service. One should know what to look for. It might be simple to think of it, but to have an understanding of what are the cloud service provider’s responsibilities is also necessary, so that one does not end up getting into something in which damage is inevitable.
The second one is technology vulnerabilities. This is more relevant to people who provide cloud services, like the NIC. The older way of defining security does not gel with the dynamics in a cloud environment.
Cloud security has to be layered. When you think from a management perspective, there are three layers which define security. The first one is enforcement layer where you put all your software, which are going to enforce changes or protect you, intrusion detection systems, your antivirus software and multiple others; the next one is control management, i.e. how do you control these software which you have deployed; and the third layer is policy-based as to how the software are going to work in an automated fashion.
In a physical deployment fashion you have to have a layered security system around a data center when you are delivering it to the end user, or in the case of you are consuming it, you should verify if they are offering layered security.
It is important to buy both hardware and software which are certified to run cloud computing. They are relatively easier to find because all of them actually have their compatibility and certification lists.
To date, antivirus is the only way to secure your infrastructure in a server or a desktop. But in a cloud environment, that is not required. We do not provide antiviruses, but we do provide a platform for antivirus solution providers to come up on. All they need to do is to have one virtual machine that is secure enough to do the antivirus scanning of the cloud infrastructure and secures the perimeter from the antivirus perspective for the entire environment.
Compliance is a big issue in the corporate world. But from an IT perspective, how do we ensure compliance? It becomes much simpler when you have a cloud or a virtualised environment. One just has to create a profile of how one wants their environment to be compliant and define the standards. The software available today scan and tell the vulnerabilities, the compliance breaches and what all can be corrected. It is simpler than going across to every system and checking whether it is compliant or not.
Click here to Watch Interview Live
Click here to Watch Aneesh Dhawan Speaking Live