Customer fears around cloud security should be a seriousconcern for resellers struggling to tap into what is heralded by analysts andvendors alike as a growing market.
Worries about security and privacy are the flipside of thecloud coin, which offers the benefits of flexibility and operationalefficiency, and according to Forrester’s research are having an impact on themovement to the could.
In its How secure is your cloud? research the analyst houseconcluded that there had to be better ways of evaluating the risks of a hostedsolution and the pressure was on IT professionals and resellers to provide thatadvice for customers.
“It security professionals must develop better ways ofevaluating the security and privacy practices of cloud services,” stated thereport.
Forrester recommended that an assessment of the suitabilityof a cloud solution should include: data protection, compliance, privacy, identitymanagement, secure operations and other related security and legal issues.
The report quoted Steve Whitlock, board member from theJericho Forum, who said that although it saw the benefits of the cloud it couldalso identify the “risks, security issues and interoperability issues”.
As a consequence the analyst house believes the pressure onthose looking after security for customers will be to move away from focusingpurely on operations to a compliance and requirements-focused job
Forrester also called for more agreed industry standards tomake it easier for vendors to make collaboration between different vendors andproducts more straightforward.
Recent research from Websense showed a number of IT securitymanagers were taking a laid back attitude towards staff using web 2.0 toolsthat they had no control over outside of the office.
Significant numbers of companies admitted they were failingto screen web sites, could not prevent url re-directs and could not detectembedded malicious code on trusted sites.
All that provides a picture of a failure by many companiesto protect against the web in its current form before any deployment ofcloud-based services.
Plus, when it comes to selling hosted security products IanKilpatrick, chairman of Wick Hill, said that there still remained some work tobe done to increase involvement from the channel.
“For cloud security to succeed the channel is key,resistance from the channel to cloud security for SMEs has already shown itselfin the low base that cloud security has, despite being around for many years,”said Kilpatrick.
“Interestingly large parts of the security environment aresuitable for a cloud security approach - firewalling, VoIP security, web andemail, two factor authentication, anti virus, remote end point security all fitfairly well into the cloud security approach,” he added.