Cloud safety

Security threats may help drive adoption of cloud computing
Rudolf Sarah is regional cloud director, MEA, at Orange Business Services.
Rudolf Sarah is regional cloud director, MEA, at Orange Business Services.

Share

Several high profile cases of hacking and technical difficulties have cast a shadow over the security and reliability of cloud computing solutions. Assessing your current state of security needs and data security, and comparing this with your cloud partner’s offer, is the recommended way forward for customers.

Essentially, cloud is a disruptive technology and service model that is changing the role of the IT department as we move to “utility computing”. And just in the same way you may trust your bank with your money, despite recent upheavals in the sector, you are gradually trusting providers with your data. But how comfortable are you about putting your confidential information in someone else’s hands?

One of the most cited barriers in the adoption of cloud computing in the MENA region but also globally is security, with the fear of an organisation’s data residing outside the company. Whilst fear is understandable, it is largely misplaced as the reality is that major cloud providers often offer higher levels of security than the customer organisation can provide internally, backed up by the fact that there is a contractual commitment to secure data.

Security threats evolve by the day, sometimes by the hour or minute and this makes it increasingly hard for corporate customers to fight this battle on their own. Quite often enterprises are at a disadvantage when fighting hackers as we have recently seen in a few high profile cases.

In February 2011, the International Information Systems Security Certification Consortium published its Global Information Security Workforce Study. It found that 92% of the 10,000 security professionals surveyed wanted to have a detailed understanding of cloud computing before choosing to implement it.

Industry bodies are already working on developing security best practices for cloud computing. Version 2.1 of the Cloud Security Alliance’s guidance on governance and enterprise risk management in the cloud recommends that part of the cost savings from cloud-based contracts be reinvested in the continued scrutiny of a cloud provider’s security.

One of the first actions that enterprises need to take is to actually understand the nature of their organisation’s data. According to the ISACA (Information Systems Audit and Control Association), if the traditional rule of thumb for confidentiality in data classification is applied, 85% will be low security (and therefore, potentially deployed outside the corporate firewall), 10% will be internal (and therefore, will require a higher level of security), and only 5% will be ‘secret’ and therefore, potentially unsuitable for any open (discretionary) security regime. The trick lies in understanding which data is which.

To help them do this, companies need to update their sourcing policies so that security experts are part of every project team and perform a risk analysis to assess the security needed for each category of data before engaging a service provider. In the telecom world, data segregation via classes of service, based on the priority needed, is now common place but such fine-tuned data policies based on security and priority are still relatively new in the cloud. Yet, not all clouds are alike and companies should select a provider that will match their security and privacy needs. Low cost clouds are often appealing but they lack built-in security and policy control.

Orange Business Services has put in place a complete set of consulting offers around security and cloud, helping our customers assess their current situation and risks in order for them to take the appropriate migration path. Our solution portfolio spans public, virtual private and private clouds, as well as unified communication and collaboration solutions.

Rudolf Sarah is regional cloud director, MEA, Orange Business Services.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.

Editor's Choice

Emerson expands analytics platform for industrial enterprise-level wireless infrastructure management
Plantweb Insight platform adds two new Pervasive Sensing applications that manage wireless networks more efficiently with a singular interface to the enterprise
Digitalisation seen as a competitive advantage by Middle East private businesses
Nearly 80 per cent of private business leaders acknowledge that digitalisation can impact business sustainability
Etisalat introduces Multi-Access Edge Computing architecture delivering best-in-class video streaming performance for 5G networks
MEC architecture achieves performance gains of as much as 90% in video streaming, validating how ultra-low-latency applications will be delivered over 4G and 5G networks

Most popular

Don't Miss a Story