Tactical Advice

Why Security in the Cloud Is Well Within Reach

A Citrix security expert explains why more organizations should have faith in cloud security.
Why Security in the Cloud Is Well Within Reach
Credit: kirstypargeter/iStock/Thinkstockphotos

It’s true: Moving operations to a public cloud requires organizations to become comfortable with letting go of complete control of their data. While handing over control of organizational data to a third party inevitably creates a vulnerability, data stored in the cloud isn’t inherently less secure than non-cloud data.

We reached out to Kurt Roemer, Citrix Systems’ chief security strategist, to get a better understanding of how companies can secure their data in cloud environments that they own or don’t own.

BIZTECH: When it comes to the cloud, how much security can an organization really expect from infrastructure that they don't own?

ROEMER: Security in the cloud can actually be stronger than traditional data center security — especially with a cloud provider that details their security measures with full transparency. Many organizations and departments that can’t afford all required physical protections, layered security technologies and rigorous administrative processes for separation of duties — just to name a few — will find a much improved security experience in the cloud.

Even within traditional data centers, line-of-business departments that have not owned all of the security assets and processes have trusted the IT department with their security for years — even outsourced IT. The cloud simply abstracts the data center further, but it must be professionally managed to a defensible level of security, compliance and privacy.

An organization should ensure that required security processes and technology are available to protect sensitive data before engaging with a cloud provider and throughout the term of contract. Carefully read the terms of service, including all changes during the relationship.

BIZTECH: How does a hybrid-cloud model mitigate the security concerns of cloud computing, in your view?

ROEMER: The hybrid cloud leverages both organizationally owned and managed data center assets — private cloud — along with pubic-cloud technologies. By architecting for a model that enables applications and data to be secured in both private and public clouds, sensitive data is protected wherever it resides. Of course, the connection points between the public and private clouds, including networking, directory services and policies, must be specified and automated to ensure that security requirements are met.

Hybrid-cloud technologies are increasingly being used for processing sensitive data; for instance, for cloudbursting by retailers during peak holiday times and for exchange of protected healthcare data by healthcare institutions.

BIZTECH: What are the most common mistakes you see with organizations deploying IT resources and services to the cloud?

ROEMER: The most common mistake is IT assuming that the cloud can be managed like a traditional data center — which forces the IT department to consider only private clouds. While not every sensitive workload is ready for deployment in a public cloud, there are many applications, including those that process confidential data, that can benefit from the security, agility and cost-effectiveness of cloud computing. IT departments need to work closely with lines of business to understand business objectives first and apply appropriate IT disciplines second.

BIZTECH: You mention the fact that users are accessing cloud apps such as Dropbox to bypass IT. How should IT respond? Don't they risk isolating themselves from users by being too draconian?

ROEMER: Consumer-grade cloud services for file transfers, storage and backup have been a real boon to productivity and data availability for personal usage. The problem is in using these consumer-grade cloud services for sensitive data, which can place an individual and their organization in violation of contracts, regulations and laws. The IT department needs to have enterprise-grade solutions available that match or exceed the functionality of consumer-grade cloud services and also provide for enterprise security. Users want to do the right thing, and if IT adopts a “How can we securely do this?” approach instead of a “How can we shut this down?” approach, greater security and productivity will be achieved.

BIZTECH: What are the more common types of hacks that hit cloud apps and services?

ROEMER: Unfortunately, cloud computing suffers from many of the security scourges we’ve been dealing with in traditional IT. Bad passwords, account sharing and lack of encryption are but a few of the more common issues that can continue into the cloud. Fortunately, there’s a silver lining — with the cloud being a new environment, support for outdated legacy security technologies is not a design goal as it all too often is in traditional IT.

A newly architected cloud application can consider multitenant administration, delegated responsibilities, distributed lifecycle management and security automation to enforce security from the user experience to data management. The automation of security as clouds are provisioned and managed throughout the lifecycle can greatly reduce the vulnerabilities that would otherwise enable attackers.

Sign up for our e-newsletter

About the Author

Ricky Ribeiro

Online Content Manager

Ricky publishes and manages the content on BizTech magazine's web site. He's a writer, technology enthusiast, social media lover and all-around digital guy. You can learn more by following him on Google+ or Twitter:

Security

Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.