The emergence of the Cloud has been one of the best examples of IT innovation in the last decade. Cloud computing now pervades industry verticals, size and revenue of organisations. The speed of adoption has been phenomenal but at the same time, it is interesting to note that The Cloud is still a research topic. Major global IT and technology companies are committing and spending billions to develop the next generation of technology, and the best is yet to come. Technology company’s profits are increasingly being dictated by Cloud computing, and therefore their investments as well; Amazon Web Services spent $12.5 billion last year alone. Whilst there is clearly a case for Cloud adoption across all industries, we need to be mindful of threats and vulnerabilities as critical and valuable information is being stored externally. In particular, e-commerce companies are finding that there are benefits in terms of capital expenditure, support and maintenance, with the ability to be agile in terms of balancing peaks and troughs in demand for capacity and availability.
Experts broadly agree that some of the areas of immediate concern are data breaches, loss of data, service hijacking, and insecure Application Programming Interface (APIs). Whatever the cause, a breach can cause major disruption and can result in a loss of business, damaged reputation, and even lawsuits. It is worth mentioning that Cloud environments may contain cardholder data, and therefore it is crucial they are Payment Card Industry Data Security Standard (PCI) compliant. In fact, research conducted by TechTarget* shows that security and compliance is one of the top reasons why companies delay Cloud adoption. This doesn’t have to be the case. Whilst the merits of The Cloud cannot be ignored, it is crucial that companies make informed decisions when implementing Cloud based solutions. There are a number of solutions available off the shelf and numerous guidelines to follow, but navigating this complex landscape can be overwhelming, not to mention time and cost intensive.
In such cases sound advice and expertise can go a long way. We all know that the ‘one size fits all’ strategy can be a costly, time consuming exercise and may leave your business vulnerable. What works for one business may not work for another, and as a result, it’s important that organisations seek advice from experts who have technology and architecture expertise. They can then apply and provide information security, compliance, risk and privacy knowledge to recommend a plan, and help support an organisation to implement compliance and facilitate Cloud adoption, whilst causing no disruption to the business.
We are seeing the need for bespoke, tailored advice more and more from our Clients, with many being concerned about failing to comply with their own information security landscape. We conduct security assessments of their Infrastructure as a Service (IaaS) service provider which can lead to the discovery of gaps in security coverage. We then recommend the necessary remediation which allows Clients to proceed with their critical projects.
It is also important to remember that compliance itself is a moving target. Add a new technology to the mix that is constantly evolving, and you’ll find that achieving compliance is only half the battle. Therefore, it is crucial that planning and implementing information security is reinforced with knowledge transfer so that businesses can continue to be secure in a constantly evolving technological landscape.
* TechTarget New PI/Cloud Infrastructure Survey. Found here: http://searchservervirtualization.techtarget.com/tip/Security-concerns-delay-public-cloud-adoption