If headlines are to be believed, then the cloud could be in danger of becoming localised almost a year on from the Edward Snowden revelations.
However this year’s security conferences and news have shown a renewed vigour for the cloud in the security sector. Take the acquisition of SaaSID by Intermedia, a cloud-based single sign-on service was proven to be valuable and since then, companies such as Pirean and Okta have emerged also. So with this renewed interest, I turned to various names in the sector and asked the daring question, “is cloud an inevitability?”
Phil Turner is vice president of EMEA at Okta. He said that the company, founded by former SalesForce employees was “born in the cloud and ability with SaaS”. He said: “Okta was founded on the premise of secure access to any application whoever and wherever you are with single sign-on. When you leave it is common to have access to applications revoked. It is about what people should and shouldn’t be able to see.”
He said it was about the thought process of any person, device and application. I asked him how secure the cloud was? He said: “Okta is our business and it is about employees, but it is about how you manage access. Companies are addressing it (cloud) and I think how we do it and how we sell it is intrinsic. In two years we have had zero downtime. We are an enabler of cloud applications.
“Cloud is an inevitability, business is not enabling IT and IT is not enabling business, but you can have flexibility to use it and understand applications with flexibility of payment, why not use it?”
Recently Dr Eric Cole said that a lot of technology we are using today is changing ,”but ask most companies when they bought their security devices – most was 3-5 years, but threats changed 2 years ago”. So from that point, is cloud an inevitability? Well it would seem so, as it enables less infrastructure, less power consumption as a result and more flexibility.
Orlando Scott-Cowley is a strategist, technologist and evangelist at Mimecast. He said that Software-as-a-Service (SaaS) is the future for their company as it allows users to update their technology without a major overhaul. He claimed that the word ‘cloud’ is not no longer recognised, it just very quickly became a de facto approach for IT planning and investment.
He claimed that they got to the stage where users didn’t want an infrastructure on their network, and wanted Mimecast to get rid of as much as possible. “We are a cloud SaaS vendor and if you struggle to buy tin to get you on the network, everyone is in the cloud anyway and vendor is going to provide updates anyway,” he said.
“We saw more at Infosecurity Europe this year, last year it was all cloud and this year it was all “provided via the cloud” and a new area for IT.” Asked if it is becoming the norm, he said: “Yes, it is so much easier and it is making life easier for the IT guys and means things are faster.”
To get a wider picture, I talked to Steve Durbin, managing director of the Information Security Forum. He said that businesses are moving more and more to the cloud for all the reasons we understand – cost, flexibility, ease of access – and vendors have become more mature and met that demand.
“Yet there is still the challenge within the business of engaging with the security
guys, or vice versa, to address what we called the seven deadly sins some years back and even more now the particular issues of privacy and data protection,” he said. “So cloud still has some way to go in terms of developing into a robust and well ordered business tool, but that is going to be something that providers and users will need to work on together in a cloud contract.
“In Europe, in particular, issues around data integrity, privacy, protecting personally identifiable information and big data analytics on cloud based data stores are still issues being discussed. We’re not there yet!”
Availability is one key area of cloud of course, but what about visibility? Last month, Verismic launched theCloud Management Suite to allow organisations to proactively monitor and manage their environment. Chief executive Ashley Leonard told me that security was one of the reasons that larger companies are slower at adopting cloud technology than smaller businesses, and one of the major issues that will slow adoption of cloud in this area is a lack of standards. “As standards mature, we will see a greater adoption of cloud in the larger companies,” he said.
“You will see it in pockets; we see it in highly distributed organisations where cloud is becoming more prevalent. Smaller companies see the ability to change infrastructure and there is a huge benefit and they have been the early adopters, and larger companies are adopting cloud technology and we see it happen in companies who are highly distributed, as the infrastructure cost of premises can be large because of many sites. I predict it will grow in larger companies as the benefits outweigh the concerns.”
There is no doubt that from SaaS to distributed organisations to BYOD, cloud services offer a wide variety of benefits. So it is all positive? I have seen a number of surveys this year concerning the lack of trust around cloud. I spoke with Terence Spies, CTO of Voltage Security, who claimed that as cloud has become the default way that people think about computation, “people are almost breaching their own data”.
He said: “Cloud involves taking a bunch of data and uploading it to a machine that you do not completely control, you need a model that enables you to secure that kind of thing as cloud is not going away, it is getting to the point where managing your own machines is a bit atypical and that trend will continue.
“For some data we are dealing with – payment data, or personally identifiable data – you need some sort of leash or some encryption mechanism so a breach does not get me in hot water.”
I dared to ask Paul Bonner, head of technical services at Hardware.com, the question of “is cloud an inevitability?” He said it was a safe bet regarding the way things are going to go. He said: “Traditionally companies have said ‘no it is my data, my infrastructure and everything is in-house and it is all secure’ and technology can encrypt data at rest in the cloud.
“That product died and now there is a market for it and it leaves site encrypted, and when it is sitting there it is encrypted. It is definitely happening, there is no way of getting away from that.”
Asked which side of the fence he sat on, Bonner said personally, he thought it was a good thing as it enables businesses to react quicker to their requirements. “There is no building huge data centres and the cost associated with that, as long as provider gives you the service you need you are able to react to changes in business landscape,” he said.
Bonner claimed that he had seen companies disappear or go under because they are not agile to change. “Companies not embracing cloud or saying never going to go that way, they are not going the right way,” he said. “It makes sense at the end of the day; why would I as a small or medium-sized business spend money on a data centre when I can get it when I want? Cloud has taken a back step on a security warning that has put some off, but
the past year has speeded it up and probably driven more people to it as made more aware of it.”
Like most things in security, there is a half who embrace something and half who reject it. We have seen that with BYOD, and perhaps the cloud in 2014 will be that divider. As Orlando from Mimecast put it though, we are all using the cloud anyway, so why not make it a larger part of your business?