How the Cloud Security Landscape is Changing in 2015
Any big shake up in the computing industry comes with its own set of challenges and pitfalls, threatening to derail the progress made. Security of data stored in the cloud was one of those potential pitfalls for the enterprise industry and even though it is now safe to say that the cloud is not going anywhere, security concerns continue to be the biggest obstacle to an even wider adoption worldwide.
Even a decade or so back it would have been impossible to imagine major corporations handing over the storage of their sensitive data to a third party. However, that is exactly what we are witnessing right now. The reasons for this are the huge advantages that cloud storage has over traditional methods including lower upfront cost, a more efficient deployment of capacity and a more reliable data back-up process among others. Software as we know it is also set to change with outright purchases becoming a thing of the past and software-as-a-service becoming the new standard.
The economies of scale have proved to be irresistible for corporations all over the world as storing the increasing amount of data being generated physically onsite is becoming next to impossible. Currently a hybrid model of local and cloud storage seems to be the sweet spot. Even the Department of Defense has adopted Amazon Web Services as the platform for its storage needs and is even planning to have a curated app store for the "intelligence community".
This shift towards the cloud has also seen number of new entrants beyond the usual big companies and it is often difficult to ascertain what level of security they are providing for your data. This is where the Cloud Security Alliance (CSA), a cloud database business organization, is helping evaluate the offerings of these companies and assigning them an easy to understand standard rating.
CSA has developed some cloud security standards called the Cloud Controls Matrix Federal Risk and Authorization Management Program Candidate Mapping that private and state organizations can use in the development of or upgrading existing cloud security systems. This protocol is to be launched on May 5th at the inaugural CSA Federal summit to be held in Washington, D.C.
The company had also released the STAR certification program which is open to cloud providers to get them accredited after a third party evaluation. The program has more than a 100 participants on board now.
A long way to go
Cloud security is still evolving and everyone involved is learning on the fly. This is what makes the sharing of information much more important to allow companies to understand what needs to be better. Issues like data co-mingling, spying, access to sensitive data at the storage level and data deletion are yet to be solved satisfactorily.
Companies such as Google and Microsoft have started to encrypt all their data as a method to increase security even further and this is one way forward that could soon become standard. Migration of stored data, particularly across platforms, is also a big headache. With all the major providers working on proprietary standards, this problem does not look like it's going away any time soon.
Image source: coupa.com