By Lawrence M. Walsh, CEO and President, The 2112 Group
Security concerns remain the chief obstacle in cloud adoption. End-users don’t trust the security of cloud providers, but that shouldn’t be their only concern. Perhaps cloud security starts with the end-user and their ubiquitous endpoints.
The chief objection to the adoption of cloud computing is security. End-users are rightfully concerned that cloud providers do not have the security infrastructure, policies and procedures necessary to adequately safeguard data and respond to security incidents. As a result, users reluctant to put production systems and business critical applications in hosted environments.
But perhaps they’re wrong, at least in part, about the source of security vulnerability. Perhaps the real security vulnerability is resting in their own palms.
The Channel Partners Cloud Convergence Council, a joint project of Channel Partners magazine and The 2112 Group, recently met on the challenge of providing security in the cloud-computing era. While there’s no denying that hosted environments have plenty of security issues and points of vulnerability, security risk is a matter of identifying the path of least resistance. In cloud computing, that path often starts at the endpoint.
The cloud is sometimes referred to as this magical place where platforms, infrastructure and applications reside. Businesses can make their software and data available to employees and customers from any place at any time with greater scalability and efficiency, with a reduced cost. What businesses often overlook or don’t mention is how the cloud is accessed – and that’s through endpoints: desktops, laptops, tablets and smartphones.
The volume of malware targeting smartphones is increasing dramatically as these devices store increasing amounts of sensitive data as well as credentials for accessing hosted and cloud-based services. Laptops have always been a favorite target of thieves, and users often cache their access credentials for network and cloud services. The explosion of tablets, which are not just being used for Web-based applications but also virtualized instances of business applications, will undoubtedly become a bulls-eye for hackers and thieves.
Cloud services do need to do better at safeguarding the data of their customers and providing assurance of service reliability and integrity. What the Cloud Convergence Council is looking at, though, is the channel – IT and telephony alike – playing an active role in raising the level of awareness amongst end users for the need of protecting the access points to the cloud. All the data center security in the world is rendered useless if a hacker is able to compromise an endpoint and hijack authorized users’ credentials.
Obviously, there’s no such thing as absolute security. It’s a practical impossibility, and cloud subscribers must always anticipate and plan for the worst-case scenario if a breach occurs (and they always do). Rather than demanding more security, the Cloud Convergence Council believes end-users need to have a better understanding of the level of security and the potential risks of engaging a cloud service. If they enter into a service agreement with their eyes open, they will be more prepared should something go wrong.
The Cloud Convergence Council believes it’s the channel’s responsibility to educate the end-user community to security risks in the cloud. To that end, it’s working on tips for solution providers to advise end-users on security due diligence in selecting cloud service providers. Ultimately, cloud security will be less about technology and more about awareness and understanding.
Lawrence M. Walsh is CEO and president of The 2112 Group, a technology business advisory service that specializes in optimizing indirect channels and partner relationships, and principle blogger at Channelnomics. He’s also the executive director of the Channel Vanguard Council and moderator of the Channel Partners Cloud Convergence Council. He is the former publisher of Channel Insider and editor of VARBusiness Magazine. You can reach him at firstname.lastname@example.org.