Cloud security changes thinking for most organizations

August 15, 2012

Making the shift from legacy systems to cloud computing requires a change in thinking across an organization. From the connectivity of the average employee to the difference between capital and operational expenditure, it is a move that impacts every corner of the business. However, nowhere is the migration felt more than with cloud security.

Not only are new measures required to ensure security in the cloud, but the mindset of every user must change as well. Suddenly, according to ZDNet, complete control does not reside in-house. While that is not necessarily a bad thing, it does require wading into a gray area when IT security has typically been seen as black and white.

Need to adapt
As IT security veteran Dave Asprey told ZDNet, organizations that insist on continuing to play by the rules of legacy systems in a completely new world of cloud computing security are likely to miss out on many of the benefits of the technology. Instead of relying provisioning security on a service by service basis, simply adopting one overall tool to protect the entire network can help a company maintain the agility, scalability and, of course, lower costs, that make the cloud such an attractive option in the first place.

Because cloud security represents such a departure from the ways of the past, many organizations are "paralyzed" by security, technical issues and legal considerations, one computer scientist told ZDNet. According to Timothy Grace of the National Institute of Standards and Technology (NIST), business factors need to be weighed just as heavily, if not more so, as security. That way, organizations can realize the true benefits instead of worrying only about the worst case scenarios of what could go wrong.

Beyond security
Shifting requirements with cloud computing dictate that security is no longer that simple decision of the past. A dynamic environment means that the decisions themselves must also be more dynamic. As software security expert Raf Los told Dana Gardner of ZDNet, security is no longer the "binary decision" that it once was.

"As we move forward, I believe very strongly that what we're evolving into is, as we've heard people talk about, risk management," Los told ZDNet. "Risk management starts to include things that are beyond the security borders."

When security goes beyond its normal borders, it takes away some of that overall control that the IT department is used to holding. So, as Los mentioned, it begins to take on a more holistic approach, making the entire enterprise resilient in case of the unlikely event of cloud security going belly up.

-McAfee Cloud Security