Cloud computing will result in an improvement in security defences

13 July 2010

According to a recent poll, over half of organisations believe that cloud computing will result in an improvement in security defences according to a poll from 360°IT, a fifth thought there would be no improvement and a quarter of organisations said that it will be detrimental.

Richard Hall, CEO of CloudOrigin, claims that the current trend of businesses migrating their IT systems into the cloud does not mean a reduction in security defences.

Far from it, says Hall, who, after more than 20 years in the IT business, has concluded that cloud technology actually raises the industry's game on the security front. "After decades performing forensic and preventative IT security reviews within banking and government, it was already clear to me that the bulk of security breaches and data losses occur because of a weakness of internal controls," he said in his 360°IT blog post.

According to Hall, the complete automation by public cloud providers means the dynamic provision, use and re-purposing of a virtual server occurs continuously within encrypted sub-nets. The process, he says, occurs out of sight of operations staff and without any of the manual interventions that might introduce unintended weaknesses.

"That's why solutions built on commodity infrastructure provided by the likes of Amazon Web Services have already achieved the highest standards of operational compliance and audit possible - for example in healthcare (HIPAA), credit cards (PCI DSS) and audit (Sarbanes Oxley, SAS70)," he explained.

Citing the example of Easyjet and how the successful airline has harnessed the application integration security benefits of Windows Azure at the platform as a service (PaaS) level, allowing the company to move its airline management systems into the cloud, the CloudOrigin CEO said the airline has effectively reduced its security exposure and increased its resilience as a result.

Other organisations that are drawing on the security benefits of the cloud include the RNLI, whilst the Cloud Security Alliance is bringing together users, vendors and consultants to formulate and share best practice.

Hall says that, as the CSA's executive director Jim Reavis announced to a packed room of IT security experts in London, work is now under way on cloud security controls, governance issues and many other issues. Also in the pipeline, he added, are a series of interoperability standards and audit guidance, as well as individual accreditation for practitioners. You can therefore, he says, expect to see more high-profile cloud solutions as a result.