Trend Micro: Security in the cloud
Security shouldn’t be an inhibitor for customers wanting to move to the cloud.
Peter Benson, Trend Micro senior security architect, offers some practical advice.
There is no doubt cloud computing has changed the IT industry and the way we use technology.
Cloud adoption is becoming an increasingly pertinent topic for organisations, particularly as the New Zealand Government looks toward the cloud to help with cost reductions and operational efficiencies.
In the past few months New Zealand has witnessed greater uptake in a number of cloud computing areas such as Infrastructure as a Service (IaaS), Desktop as a Service (DaaS), Amazon Web Services adoption, and combinations of public, private and hybrid cloud environments.
These all provide huge opportunities for flexibility and elasticity, however they also raise the concerns of who holds the responsibility for delivering and providing operational management of security aspects.
Security need not be an inhibitor for customers looking to move to the cloud; it is very much the enabling technology that makes cloud services secure and controllable, and which overcomes perceived constraints such as data sovereignty, data jurisdiction, privacy and surveillance.
The big challenges facing our customers and channel partners are threefold.
Firstly, customers want to know how to ensure that the instances they are building or using in the cloud are secure and the levels of security controls required.
Secondly, they want to know how to manage their cloud, physical and virtual infrastructure from a common security management context.
While cloud offerings are fine, they still have a requirement to address and manage the security context in line with the rest of their environment.
Thirdly, encryption is becoming increasingly important as data is being pushed from the controlled internal infrastructure to infrastructure where location, security, and privacy are based largely on contracts.
Data encryption in the cloud context, with localised key management, is coming to the fore.
There are a number of opportunities for the channel when it comes to cloud security:
• Provide an end to end security service capability that includes the physical, virtual, and cloud environments from a security context. Operational effectiveness and efficiencies come from contiguous solutions.
• For Amazon Web Services, consider providing Security as a Service which matches the elasticity model that consumers are demanding. Likewise services that match the high levels of automation and agility.
• When building cloud infrastructure, consider the overall architecture and infrastructure requirements, and include security as a core component of the infrastructure. This provides a cost efficient way of providing a value differentiation, while providing customer protection.
• Develop and deliver Security as a Service, ie, products such as Deep Security and Secure Cloud from Trend Micro deliver the security service capabilities that are warranted and required. Use encryption as a point of difference and to provide thought leadership to your customer base.
Don’t allow security to be a point of confusion for New Zealand organisations looking to move to the cloud.
Developing the right security infrastructure makes it possible for businesses to confidently and securely move to the cloud.