14 Apr

Debating Cloud Security

In lectures and meetings on the topic of cloud, the subject that always stands out in the debates is security. Indeed, questions about security and fear of the new are common and have always arisen.

In the early 1990s, when the subject was the adoption of the client-server model, the questions were similar. The same happened when we began to talk about electronic commerce, and there is still great fear of allowing the use of credit cards over the Internet.

Today, the security theme also permeates the discussion of whether or not to allow the use of smartphones and social media in business. In any case, it is a natural discussion in my opinion.

Later, as the adoption of cloud spreads, that is, after these security concerns are overcome, the issue that will guide events and discussions about cloud will be integration (how to integrate different cloud applications with one another and with applications that are not in the cloud), and later still we will have discussions on e-Governance. But as today's most prominent theme is security, we'll explore it a bit more in this article.

Processes and changes

Security methods and procedures change every time the computing model changes. It was so when client-server arrived and many of the methods adopted for centralized environments became useless.

It happened again when the Internet became an integral part of business processes and the methods adopted for internal security proved inadequate and had to be modified. With the adoption of cloud, history is repeating itself. We have to rethink many of the security processes currently used.

However, when talking about cloud security, we have to distinguish between public and private clouds. In addition, security policies, and hence the methods and procedures adopted, differ from company to company, because risk tolerance differs across companies and industries.

In private clouds, the security policies are those already adopted by the company, updated to the new model. In public clouds, the security policy is subject to the methods and processes adopted by the cloud provider.

Certifications, costs and technologies

Security concerns are paramount to the success of any public cloud provider, and providers, at least those with sufficient intellectual and financial capital, implement processes, methods and technologies to strengthen security.

Moreover, many seek external audits such as SAS 70 and official certifications such as ISO 27001. In the U.S. and Europe, there is also a drive for compliance with FISMA (Federal Information Security Management Act) for projects with the U.S. government, the Payment Card Industry Data Security Standard for transactions involving credit cards, and the European Data Privacy Directives for operations with European companies.

On the other hand, companies that are less tolerant of risk choose to adopt private clouds for their critical systems, using public clouds only for applications that do not involve risk to the business.

Indeed, cloud adoption happens when the perceived value of the new model exceeds its perceived risk. Cloud should be adopted not only to reduce costs, but for the speed and flexibility that allow the company to innovate and create new products and services supported by IT.

Adoption and review of processes and methods

Adopting cloud means reviewing the company's security processes, methods and technologies. For clarity, we divide the security issue into different aspects:

  • Data protection and privacy;
  • Assurance of system integrity (access control and vulnerabilities);
  • Availability;
  • Audit facilities and compliance with the rules of the industry in which the company operates.

The analysis of these points will set the pace of cloud adoption and determine whether the cloud will be private, public or hybrid. For example, on the audit question, SAS 70 procedures were not fully prepared for cloud, and work is now under way on SSAE 16 as a replacement.

As the concept of cloud evolves, new security processes and technologies will emerge and we will see a virtuous circle. These new technologies will bring more confidence in the use of cloud, which will increase its spread; and the more it spreads, the more new and innovative security technologies there will be, keeping the circle turning.

Changes in the market

As a sign of the market's maturity, we are starting to see the first efforts to set security standards. These standards allow consistent classification of the security solutions offered by both private clouds and, especially, public cloud providers.

ESDS
