After yesterday’s venture into the cloud in 2015, I decided I wanted to learn more about cloud security. Many vendors mentioned to me that the market is worried about cloud security, and that security fears are the main reason driving users to uptake hybrid cloud options.
I again took the approach of a broad question; “what do you think will be an issue facing cloud security in 2015?”, and let vendors interpret it as they liked. Though today I limited the vendors I asked to those exhibiting in the security part of the expo.
“If you asked me this a month ago I would have said where the data is being stored would have been the most important issue, but after the Apple iCloud nude photo scandal it’s more about how they’re securing that data.” – Ryan Farmer, Marketing Manager @ Acumin Consulting
Personally I’ve never considered the physical location of my cloud data an issue. Though this is probably due to the fact that until a short time ago I was blissfully unaware that my Facebook page actually existed in a physical location somewhere – apparently possibly in Ireland.
Now that I am aware of my data’s physical manifestation, it does make me uneasy to think that it might be in a laxly secured environment. As my cloud knowledge grows, and events I am aware of such as the “cloudgate” scandal as it was dubbed, my security concerns are rising. As the world becomes progressively more digital the security of data is going to become more and more important.
“I think cloud security is a bit iffy, because I don’t think the cloud is very secure at all. A lot of customers prefer to have the appliance in house because they have more control. I think as cloud progresses, security will improve.” – James Kirpichnikov, Sales Manager @ Watchguard
As I wandered through the security area of the expo I was surprised at how many vendors honestly told me that they didn’t think the cloud is secure. I was expecting them to all tell me that their product made the cloud as secure as it ever could be and that my data would definitely be safe with them as my security provider. James from Watchguard told me keeping a private on site data centre is preferable for a lot of businesses because of the sense of control they have over it.
In 2015 the biggest issue facing cloud will be incident response, ultimately all these technologies fail at some point.
“The most important issue for cloud security in the future is security flexibility, cloud is just a way of deploying systems and applications, underneath that is generally virtualisation technology. The challenge of that is how you protect any kind of cloud. Hybrid private/public clouds are probably where most companies are going to go, so we have to look at how we can develop security technology that works on all of the platforms in a simple and effective way.” – Jamie Pearce, Sales Manager @ Bitdefender
The rise of the hybrid cloud seems to be a big talking point in the industry at the moment. Jamie explained to me that where the security issues arise with hybrid systems is needing different security for each component of a hybrid cloud, so the challenge they are facing is creating protection which works across the private and public platforms and is easily deployed and managed.
Simplified down for me, I considered his comments in the realm of personal security. Mace may work to protect my personal space, but it won’t be as affective to protect a group of 50 people. Jamie’s aim is to find a security solution that can be executed effectively and simultaneously across both my personal space, and the group space.
“In 2015 the biggest issue facing cloud will be incident response, ultimately all these technologies fail at some point. The prevention technologies aren’t perfect, you have to have a plan in place to rectify those failures when they happen.” – Tim Armstrong, Sales Engineering Manager, @ Co3 Systems
Co3 Systems work with cloud systems after there has been a security breach, helping them to respond to the issue and resolve it quickly and effectively. I found Tim’s point of view really interesting because he was the only person who talked to me about what happens after the cloud has been breached. Incident response and security resolutions probably are something that should be discussed a lot more. People admitting to me that the cloud isn’t secure really threw me, though it does come back to what I was told yesterday – if someone builds a fence, there will always be someone else trying to go around, under or over that fence. That is just human nature.
“I think the cloud is essential, it’s going to drive efficiency in the enterprise and in the way States and governments work. At Encryptics the way that we approach security is that we lock down at the device level. We use a peer to peer system, while currently a lot of people maintain a trusted server which keeps all the data, and all of the keys to the data in the same place. Pre-Internet encryption is going to be important in the future, that way you are protected before you even get in the cloud! We hope to lead the charge to utilise the trusted peer to peer system to leverage the positive factors the cloud has to offer.” – Mitch Scherr, CEO @ Encryptics
I would like to note here that Mitch opened his answer to me by saying that he saw a cloud burst and thunderstorm in the future, possibly a bit of lightening, and definitely some rain. His approach to cloud security seemed, to me, very straight forward and logical. A focus on device security and protecting the data in advance of cloud storage made sense to me.
He was kind enough to simplify his analogy even further for me. If you put your data in a locked box, then put that box and the key which opens it in a larger box, what is to stop someone from opening the bigger box and using the key stored inside to access your data? There needs to be a separation of the locked data, and the keys to the information, hence his notion of future cloud services moving to add security at a device level.
So, on day two of my first IPExpo I focussed on cloud security. I learnt I should probably be more concerned about the state of my cloud – and that at least one CEO in the data security industry has a cracking sense of humour!