Organisations that have adopted public clouds have experienced a higher number of security breaches than with their traditional IT infrastructures. This interesting snippet comes from recent research, ‘What’s Holding Back the Cloud?’ carried out by Intel IT Centre.
The research goes on to show that among the IT professionals surveyed, almost one third believe the security threats came from internal sources. Other key findings included concerns around lack of control, security measures and compliance.
The findings of high levels of concern about cloud computing merely reflect what we have known for some time. However, it’s also interesting to note that almost one third of the security threats were cited as coming from inside the organisation. While most of these were deemed to be accidental, such as employees falling prey to viruses rather than attempting unauthorised access to company resources, it illustrates how internal threats represent a significant area of concern.
Today much of the attention on security, both within the cloud and on client devices, is software focused, however utilising technologies built into the hardware can significantly help in deliver more secure IT environments. At the same time the report was released Intel and McAfee unveiled plans for enhancing security within cloud-based infrastructure aiming to fuse hardware and software features to create a cloud computing environment that is secure from both the server and the client perspective. This approach addresses the security concerns expressed in the survey.
Cloud security issues are wide ranging across both hardware and software. Identity management needs to be incorporated into the infrastructure so users, devices and services can be identified as trustworthy, application security must be in place, data needs to be protected and legal and compliance issues considered. The use of virtualisation in cloud implementations also brings concerns. The virtualisation layer must be properly configured, managed and secured.
The Intel/McAfee announcement aims to address some of these concerns by enabling more layers of security. At the hardware level Intel’s Trusted Execution Technology (TXT) is used to validate key components within the server processor at start-up whilst McAfee’s ePolicy Orchestrator and can be used to enable a consistent security policy across physical, virtual and cloud environments.
Further software seeks out malware and limits the spread of infections and downtime while data entering or leaving the data centre is monitored for signs of infection. Updates are also automatically pushed out when they are available. Other software tools are available for validating the integrity of virtual machines, real-time cloud performance, software security and endpoint awareness.
The environment that the technologies cover extends from the server to the desktop and mobile devices. The focus here is the provision of a holistic approach to address the pressing security concerns around cloud technologies. The test will be how it is used in the real world. These are interesting times, characterised by genuine moves in the cloud sphere to advance architectures and I’ll be keeping a close eye on these developments. So watch this space.