Security remains a key inhibitor to cloud computing adoption according to Institute for Business Value 2010 Global IT Risk Study. The study illustrates, businesses see the promise of the cloud model but cloud computing is raising serious concerns about protecting privacy, data breach or loss, and the overall weakening of corporate network security.
“From a business perspective, the IT infrastructure plays an increasingly critical role in not only supporting and safeguarding a company’s key assets an assuring proper governance and compliance, but also in driving business growth.” says Chris Mahlakwane, Executive Director for IT Services for IBM Sub – Saharan Africa.“ IT risk management is no longer viewed as a strictly technical function, but a crucial management task that can provide direct business benefits to the entire organisation.
In evaluating emerging technologies social networking, mobile platforms and cloud computing are presenting the highest causes for concern with CIO’s and IT Mangers. Most of the risks have to do with the accessibility, use and control of data, and the danger of having unauthorized access to confidential, proprietary information.
“Many organisations have just not yet established processes and methods to integrate cloud computing.” adds Mahlakwane.
In line with these findings IBM has announced new security initiative focused on making cloud computing safer.
Mahlakwane, says: “IBM aims to help both users and providers of cloud computing more easily navigate security challenges through new cloud security planning and assessment services, managed services to help clients secure their clouds, and the introduction of several technology innovations from its global research labs.”
While an information technology (IT) foundation pertains to all cloud computing, providers and users do not generally rely on one generic model for data security. Both cloud providers and users should consider a variety of factors, including the kind of work a client wants to do in the cloud and the mechanisms and controls used. For example, clients who have collaboration tools and email work in the cloud should think about access and policy controls, while clients focused on healthcare in the cloud should be concerned with data isolation and encryption.
“IBM understands the ‘one size fits all’ cloud security strategy will not work for most businesses,” said. “Creating tailored solutions that provide the right mix of security consulting services and IT infrastructure will allow them to get the most out of cloud environments.” comments Mahlakwane.
IBM is using its expertise to outline a two-pronged approach for clients seeking to dramatically improve cloud security:
1. Plan and Assess the Security Strategy for the Cloud
- IBM Cloud Security Strategy Roadmap – For clients who are embarking on a cloud strategy as either a provider or subscriber, the new roadmap is designed to help organizations understand, establish and outline the steps for realizing their security goals in relation to their cloud computing strategy. IBM security experts conduct an onsite working session with clients to help define the cloud computing initiative and goals, identify associated security and privacy concerns, determine appropriate vulnerability mitigation strategies and develop a high-level security strategy roadmap designed to achieve their cloud security objectives.
- IBM Cloud Security Assessment – For clients with cloud infrastructure in place or planning their cloud environment, the new assessment is designed to help provide an in-depth understanding of the current state of a current or planned cloud solution’s security controls, mechanisms and architecture. IBM assessment professionals help compare the cloud solution’s security program against industry best practices and the client’s own cloud security objectives, then identifies steps to help improve the overall security environment.
- IBM Application Security Services for Cloud – The new offering allows CIOs to have a clear picture of how and where sensitive data will circulate in a cloud environment. It assesses current or proposed cloud application environments to help ensure that the appropriate information, security, and privacy controls are in place for a client’s specific business requirements. By identifying and prioritizing cloud-specific security vulnerabilities, internally and within their service providers, the offering can help clients determine the right balance of internal control and service provider autonomy required to maintain efficiency and service level requirements before implementing the solution.
2. Obtain Security Services from the Cloud
- IBM Managed Security Services Hosted Security Event and Log Management – This enhanced offering is a cloud-based solution for security incident and event management that consolidates the security event and log data of operating systems, applications and infrastructure equipment, providing a seamless platform from which to assess and respond to real-time and historical traffic. It dramatically improves the speed of security investigations and compliance initiatives, offering the full life cycle of security information and event management, and provides options to outsource these tasks to security experts located in IBM’s worldwide Security Operation Centers.
- IBM Managed Security Services Hosted Vulnerability Management – This enhanced cloud-based scanning service helps companies to identify vulnerabilities across network devices, servers, web applications and databases to help manage concerns and reduce the cost of security operations. This service is available to companies of all sizes who want to quickly and more easily address compliance mandates.