Firms should rely on security provided by cloud vendors

Businesses need to decide if they want to devote resources to secure own infrastructure when cloud providers can offer more robust environment since their core business requires it.

COMMUNICASIA, SINGAPORE--The debate about cloud security debate should really look at whether it makes sense for businesses to devote resources to secure their own server infrastructure when cloud service providers can offer more robust environments.

Amit Sinha Roy, vice president of strategy and marketing for global enterprise solutions business at Tata Communications, said among the various pitfalls that come with cloud adoption, security is the main risk which enterprises should rightly take effort to mitigate.

Speaking at the Cloud Computing conference Wednesday here at CommunicAsia, Roy said companies can implement various technical and non-technical steps to secure their cloud infrastructure, including server virtualization, installing virtual private networks (VPNs) to carry out 24-by-7 monitoring, and isolating hosting equipment and employee access.

"But, should a company do all these things, it's acting like a service provider. It won't have the time to focus on its core business," he said.

Roy explained that a properly run and audited service-provider environment has better security than an on-premise customer-managed one. This was because service providers, due to the nature of their business, will have the necessary measures and deployments to ensure everything--from infrastructure to the storing and transferring of customer data--is secure and risks are mitigated. They would also have to ensure compliance to industry standards and regulations, he added.

While he acknowledged no service provider can provide customers with "100 percent, impervious" environment, Roy said there is at least assurance of a "robust, hardened cloud infrastructure" required by enterprises to run their critical business.

Another speaker, Rosemary Lee, counsel for strategic business services group at law firm Pinsent Masons MPillay, said cloud users, however, should not leave everything to their service providers with regard to the legal clauses of their contracts. This is especially critical in Asia where data protection regimes are in different stages of maturity among the countries, Lee noted.

She advised companies consider several factors not limited to service level availabilities and data security, such as retrieval and destruction.