The information security concerns that organisations have about cloud computing are no different from the security challenges of existing business models such as outsourcing, according to IT security firm Integralis.
Security concerns are routinely cited by businesses as a barrier to the adoption of cloud computing services, but Garry Sidaway, director of security strategy at Integralis, said that the standard issues such as data protection, data back-up and identity authentication, are still relevant.
“The security challenges of the cloud aren’t new. We understand what we should be doing, and we should not treat cloud as a completely different environment. We understand we need to protect it and there are hard rules and key concepts which we can still apply,” he said.
Sidaway believes that there are two fundamental things that organisations have to do before they start talking to cloud service providers.
“Our first step is to really understand what you have got in your infrastructure today, so you can then decide what to take out [and put into the cloud]. A lot of [organisations] don’t. They’ve got legacy applications, old network infrastructure,” he said.
In analysing the existing environment, Sidaway said that the next step would be to use it as an opportunity to reassess the organisation’s security architecture, and look to building a more integrated security solution.
“That helps reduce costs, simplify overall information security and makes it easier to manage,” he explained.
By carrying out these actions, Sidaway said that firms understand what their total cost of ownership is, when the chief financial officer drives them to cut their costs through measures such as virtualisation, and also address issues such as security being considered as a bolt-on task, rather than an embedded component of an application or infrastructure.