Clearly we are witnessing a security landscape that is evolving and becoming ever more sophisticated. To that end, organizations must shift their security strategy if they want to stay ahead of the threat. Housing data within the perimeter of an organization, as many businesses have been inclined to do over the years, is no longer the only -- or even the safest way -- to protect confidential information.
In fact, we believe the cloud holds the promise of being more secure than traditional computing models. The false sense of comfort that organizations gain from keeping security within their own four walls can lead to poor monitoring and over zealous trust -- a challenge that by its very nature does not exist in outsourced activities such as cloud.
Working with a skilled vendor that has the capabilities and knowledge to help make cloud computing a reality is the most secure way for any company to protect their data. To qualify the argument let's look at the key factors the cloud offers organizations which result in the opportunity for greater comfort in security:
* The myth of the cloud is you take your data and give it to a third party -- an over simplification of cloud adoption. In reality, as organizations move to cloud technology they do so in very a deliberate fashion, often determined by the specific purpose or work they want to accomplish. This results in organizations having increased awareness of their data and information, so they are focused on identifying and providing specialized protections for critical or sensitive information. For instance, clients who have collaboration and e-mail in the cloud need to think about access and policy controls, while clients focused on healthcare in the cloud need to be concerned with data isolation and encryption.
* The cloud offers the ability for organizations to centralize their cloud management and augment their offerings with security as a service. Why is this important? Well, the threats to organizations increase every day. Attackers have new techniques and insights into obtaining access to organizations’ information, so these services often provide access to the latest thinking and protections in a timeframe significantly accelerated over that of traditional environments.
* Cloud vendors who focus on workload driven security have the ability to focus their attentions on securing one thing very well as opposed to attempting to apply a general security paradigm with a broader threat surface. In addition, most large cloud vendors have greater financial capabilities than traditional environments, and see security spending as a business value differentiator, not just an expense.
* There is a deficit in skilled security professionals, and organizations struggle to find the skills they need to address their security needs. In fact recent skills reports found that information security positions experienced a 109% growth over last year, despite overall lagging IT employment numbers. Security is and has always been hard, and the fact organizations will struggle to hire and retain security experts means that emerging technologies and organizations with large finances will get the lion’s share of skilled resources.
When organizations take an unemotional look at security and the concerns they have about protecting their data, they often realize that their resistance to cloud technologies is not based on pragmatic factors, but rather on their own misconceptions and idea of trust. When organizations look beyond these factors they will realize that, not only does cloud computing offer the opportunity to achieve greater security of information, but also financial benefits and access to world class security expertise. This will be especially alluring for small and mid-sized businesses, which need the same levels of security larger competitors benefit from.
IBM provides an extensive portfolio of hardware, software solutions, professional and managed services offerings covering the spectrum of IT and business security risks.