The Cloud market size continues to grow from its current level of $10-25B with expected double-digit compounded growth over the next couple years. In fact, Gartner estimates the cloud market to be $150B by 2013. However, there is one major concern holding CIOs and CTOs from adopting the Cloud. Security.
Security concerns are common in any industry, and based on a recent survey of industry IT professionals by nCircle, Cloud computing security concerns outweigh the potential cost savings by a two to one margin. “I am obviously a believer in using the ‘cloud’ as a way forward for both personal and corporate life. Security in all aspects of your on-line life is important and the cloud is no different…It is security we should be focusing on – this is the first and last thing that we and the providers should think about,” said Simon Bain, CTO of Simplexo, in a recent Cloud Industry Forum survey.
If security is a major concern for cloud adoption, what should companies do? If the service is a SaaS offering (uses the provider’s applications on a cloud infrastructure with little to no control over the infrastructure, network, servers, etc.) there are three main parameters to ask about when evaluating Cloud providers:
Data Encryption – Databases tend to share space with other customers and breaches are fairly common.
- how the data is being encrypted
- how access is controlled
Application Security – The majority of hacker attempts are through web-based applications. Be sure there are measures in place to protect against these attacks.
- what protection is in place around APIs
- what encryption keys are used for these integrations
- if the provider uses vulnerability scanning tools
- what happens in case of a breach and who is responsible
Access Controls – The biggest issues for Cloud services are access controls and user authentication.
- what standards the provider is following
- who controls the access management
- are real-time automated authentication methods provided
Mike Fleck, CEO of CipherPoint Software elaborates on the importance of automated security controls when he sys, “As a small company we look to the cloud as a means to economically scale our infrastructure. Having spent over a decade in the security industry, I’m well versed with the issues around putting intellectual property and computing resources in the cloud or any other leveraged environment. We will not use the cloud unless we can protect our infrastructure and information with automated controls.”
Authentication is crucial to protecting the Cloud because it secures access to sensitive data, proprietary information, and applications. Two-factor authentication, for example, takes verifying a user beyond a static username and password by adding a second form of authentication — something you have.
TeleSign 2FA effectively protects accounts from compromise by sending a one-time code to the user’s registered phone number via a voice call or SMS message. The user then takes the code and enters it back into the website or application and they are authenticated and permitted access.
The simple process of telesigning into accounts enables companies to maintain higher security without increasing complexity and there is no additional hardware or software needed. This automated process has proven the ability to provide enterprise-level security while increasing the adoption of cloud services. The largest Cloud service providers on the planet trust TeleSign to protect their users.