Safety first

Based on a definition by Wikipedia, cloud computing means the delivery of computing as a service rather than a product, whereby shared resources, software and information are provided to computers and other devices as a utility like the electricity grid, over a network, which is usually the Internet.

During a recent visit to Bangkok, Derrington said salesforce.com and workday.com are among the examples of cloud computing companies providing computing as a service so clients do not have to have their own servers and storage facilities.

However, this poses a new security challenge to enterprises, as identity management, for example, becomes much more vulnerable.

In response, Symantec recently launched its new cloud information protection platform, called Symantec O3, enabling organisations to apply consistent identity and information security across all cloud-based services and devices.

The platform delivers three layers of protection, namely: access control, information security and information management.

To access a network remotely, users, for example, are required to get a one-time password that would change after 30 seconds and/or they would need a six-digit code to get into a system tied with cloud-based services.

Such a two-factor authentication is to ensure that security is not easily compromised when enterprises turn to outsourced service providers.

In short, identity protection, information security and full visibility (i.e.: who accesses what and when) are paramount as a growing number of enterprises allow their employees to get into corporate networks via laptops and other mobile devices.

Today, it is also increasingly common for employees to bring their own devices to offices and plug into corporate networks as enterprises manage to save costs, be more flexible and more responsive to customer and other business needs.

Cloud computing also makes it easier to implement IT integration, according to Derrington, who cited Amazon and Coupon as good examples of using cloud computing to quickly expand their IT capabilities in Asia and the Pacific.

A recent survey shows that 84 per cent of organisations are confident that a cloud move will maintain and improve security, yet they also cite security as a top concern.

The study is based on 5,300 responses in 38 countries globally, of which 1,100 responses came from Asian countries including Singapore, Malaysia, Thailand, Indonesia, Vietnam, the Philippines and India. 

Most enterprises believe that moving to the cloud will provide important business benefits and improve their security posture, even though they are also aware that cloud services bring their own risks such as malware attacks and data breaches from unauthorised use of cloud-based systems.

The survey focused on various forms of cloud computing including public and private software-as-a-service, hybrid infrastructure or platform-as-service, as well as public and private infrastructure or platform-as-a-service. 

The findings also show that IT managers need to take the lead in embracing cloud computing. Secondly, they need to set information and application tiers because not all of information and applications are created equally. Third, make sure that critical information is only accessible by authorised users and that critical information doesn’t leave the company, while also ensuring that cloud vendors can meet your compliance requirements.

Finally, assess potential cloud vendors for operational issues such as high availability and disaster recovery abilities. 

You don’t have to take an all-or-nothing approach to cloud computing, as leveraging cloud services is the first step to moving to the cloud by starting with simple applications and services before moving to business-critical ones.