Posts Tagged ‘security within the cloud’

Is The Cloud Ready For Primetime?

July 29th, 2010

Some interesting results came back from a recent survey conducted by TPI regarding cloud computing. According to the survey, which polled 140 corporate IT decision makers, nearly four out of five companies are considering cloud computing solutions. Three out of five however are actually putting them into action. How are these IT departments doing this you ask?

In an article by Stephanie Overby on CIO.com, she writes that they are easing into it with smaller, lower risk services. Companies are still cautious and Kevin Smilie, head of TPI’s cloud computing business solutions unit, believes they are not yet “convinced cloud services are ready for the prime time requirements of their core operations.” These services are simply too vital to trust to cloud computing in its early development. Those IT departments that have decided to risk their mainstream operations on the cloud are doing so for one reason according to Smilie and that is cost savings.

Most companies that have adopted such practices are selecting private cloud options because of lower costs with enterprise-class service levels and security. This is something they simply cannot receive in the public cloud space. As a result, IT service providers are trying to offer more in the private cloud sector to soothe the apprehension of many IT buyers.

To read Stephanie’s entire article, called “IT Departments Move Low-Risk Services to the Cloud,” head over to CIO.com or click HERE.

No comments »

Posted in Strategy

Tags:

Are you sleeping well? Ten IT Security issues keeping CIOs up at night

June 1st, 2010

We recently polled senior executives in our member companies on their top IT Security issues in advance of the IMF Security Forum. That forum will be held September 13th and 14th at member company Automotive Resources International near Philadelphia. Here are the top ten issues as voted on by our members:

1. Security in a Virtual Desktop world. How will all the new devices impact the virtualization strategy?

2. Risk management, assessing the risk; (CEO, COO, CFO, CIO) has the obligation to “KNOW” the risk and its corresponding likelihood - then mitigate exposure.

3. The risk of nontraditional devices such as IPADs and even disposal of copiers as highlighted in this clip: http://www.cbsnews.com/video/watch/?id=6412572n

4. The internal threat

5. How to satisfy audit requirements with limited headcount

6. Collecting useful data from IT systems, scoring it for risk elements, and displaying the actionable information to the IT resource administrators in an effective manner

7. Employing visualization mechanisms to analyze ever-increasing amounts of data collected by security operations centers. We need to increase the number of “events per second per analyst” threshold.

8. Cloud Security

9. Foreign threats to the network and soft tokens for mobile devices

10. Data Leak Prevention

We will have presentations from IT IMF members on these topics and more, open discussions and networking among CISOs in a strict vendor free environment at the IMF Security Forum.  I hope you can join us.

No comments »

Posted in IT Security

Tags:

Security concerns with cloud computing

March 5th, 2010

Cloud computing has become a frequent topic of discussion in the industry as individuals and organizations alike wish to eliminate the uncertainty surrounding the concept. Many of the concerns associated with the cloud infrastructure centers around unease with how to effectively handle security management.

 

Tim Greene reported in an article for Network World on Thursday that former National Security Agency technical director, Brian Snow, stated at the RSA Conference that he does not have any trust invested in cloud services.

 

The article states that though Snow recognizes that the cloud infrastructure can deliver services that can be securely accessible by customers. However, vulnerabilities still arise in the shared nature of the environment.

 

The article highlights that users commonly accept known flaws of commercial applications and security products. Greene compares that instilled trust to the trust that Wall Street investors had before the downturn of the market in the last year. Vulnerabilities should be corrected before the first sign of attack.

 

Related IMF Report: Dale Seavey, “Cloud Computing”

 

At an IMF web forum, Dale Seavey, Director of Architecture Design and Engineering at Cisco IT offered insight into cloud computing. “It is part of the responsibility of IT professional’s to take away the veil of uncertainty around the cloud concept,” Seavey said.

 

At Cisco, Seavey and his team are responsible for setting the computing direction for the IT organization for the next three years and putting actions in place that will help them accomplish the initiatives they have established. The three fundamental design pillars determined by the group include:

 

1)      Immediacy

2)      Smaller computing platforms

3)      User experience being key while computing environment and platform are irrelevant.

 

In his presentation, Seavey discussed the history behind Cisco’s email architecture, defined the cloud concept, and offered his predictions on the future of cloud. Seavey defines cloud as an evolution of technologies, or an updated computing paradigm that is a massively scalable and elastic environment. In reference to security for cloud, Seavey states that we are still in the infancy stages of this technology, but maturity and eventual reduction of threat will come.

 

Seavey and his team’s predictions include the idea that the desktop will become irrelevant, the user experience will come through a browser with shared services, software needs to work in a distributed environment. What this means for Cisco and other companies is that organizations will be less likely to implement software without a consistent look and feel, more inclined to look at other desktop operating systems, applications will become more cloud compliant, and the idea that systems who utilize shared elastic services will be implemented.

 

To read this report in its entirety, please click here.

No comments »

Posted in IT Security, News

Tags: