|Topic:||Demystifying Cloud Computing:|
A secure environment for your business
Gil Torquato, CEO, UOLDIVEO, Brasil
Graduated in Public Relations - Advertising, post graduated in Marketing and MBA in administration.
He has worked for Folha Group since 1985, when started his activities at commercial department and then reached the advertising director position. In 1994, he was named to new business director position, actively participating on strategic projects; he had co-founder of UOL, where currently holds the corporate and institutional relationship director position, as well as CEO from UOLDIVEO - a corporate division of UOL Group.
A few Cloud Computing platforms have the ability to shape themselves according to security requirements, instead of demanding software modification in which they will run. Such flexibility will be the easiest way to follow and keep the original security design, not demanding any change in the software. If your software is secure, it shall remain that way.
Cloud Computing has been growing quickly in Brazil. Although large research institutes do not show uniformity in the analysis of the growth figures, they show an increase greater than the GDP of the country. Taking the IDC data into account, it is expected that global spending on services in Cloud Computing exceeds US$100Bn in 2015, and for Brazil around US$1Bn by 2017, strongly supported by the need of companies to gain operational efficiency and reduce costs.
However, some aspects contribute so that the adoption of this new paradigm by large Brazilian companies will not be further accelerated, including: the difficulty related to systems migration - especially legacy - to the cloud and some alleged security issues in Cloud Computing environments. Leaving aside passions and fears, adopting a pragmatic view on these problems, and putting knowledge into practice, the truth is that none of the abovementioned examples should be a barrier. Cloud Computing can be simply adopted - it obviously depends on the model you choose - and it shall be as safe as traditional architectures or even safer.
Focusing on security aspects, the problems that are commonly regarded as hurdles for Cloud Computing are mostly more myths than truths:
- "I will upload my data to the cloud and, therefore, they will be more accessible and thus less secure," one might think.
The majority of Cloud Computing providers have specialized security teams, in number and more relevant knowledge than any other company whose business is not the infrastructure provision itself.
These teams can not only - and should - monitor environments in the platform, but also deal with possible attacks and threats related to such environments.
The structures that are set up by these teams against attacks that will serve all users of the platform will certainly be more comprehensive, modern and up to date than those that corporate clients could economically support. Yet, specialized consulting in security can be used to build better and more secure software.
- "My system was built in a traditional and secure way. If I go to a cloud, I'll have to modify it in order to keep it secure."
A system that is built not taking into account good practices will be unsafe regardless the environment in which it is executed and, in fact, what we have regarding on premises environments is the false sense of system security, because where they "run is known" without the system being actually secure.
Gartner presents as a trend the development of self-protected systems, since the idea of an 100% secure environment is not something easy to achieve, which forces developers and system administrators to think out of the box, building new security models directly in applications, since blocks made by firewalls and protection perimeters are no longer enough - even though they are really necessary. Teams with wide knowledge about security that are typically found in cloud service providers (CSP) can provide advice on this development.
In addition, a few Cloud Computing platforms have the ability to shape themselves according to security requirements, instead of demanding software modification in which they will run. Such flexibility will be the easiest way to follow and keep the original security design, not demanding any change in the software. If your software is secure, it shall remain that way.
This same flexibility eliminates the problem related to legacy system migration, making the problem at the end, much more a matter of choosing the right platform.
- "I do not want my data to be accessible outside my company."
Several different techniques can be employed here. Data can be totally encrypted in the cloud service provider environments (CSP) and the keys for decryption can be known only by the source. Data can be accessed by secure communication channels, which can also be provisioned in an entirely dedicated way so that the company will be able to communicate with its CSP - "I will be more attacked once in the cloud".
The questions we have to ask at this point are: Does your company grant access to external environments for employees and customers? Are there critical systems that must be exposed to the world? If the answer is yes to these questions and in case of not having a specialized security team in your company, the risk will be higher in your company than in a CSP.
Cloud service providers keep a unified security management that leverages the security of companies that are on such a platform. These teams knowledge is broad and deep, which takes time and resources to maintain. Such benefits are reversed in services to corporate clients.
Critical systems should be carefully handled and they require platform robustness. A hybrid cloud, uniting the internal infrastructure of the company to a CSP, will bring comfort to maintain the operation of the company in case of a possible connectivity problem and at the same time it will ensure that there will always be a second way to keep your business going.
Traditional IT needs to reinvent itself. You can no longer wait and keep everything as before, when the world is shifting to new technologies that are simpler, cheaper and more reliable. Companies that do not readapt will be left behind by their competitors.
Business units seek market expansion, extended time to pay and cost as competitive advantages, efficiency and operational agility, that IT departments must be able to offer.
Similarly, the new CTOs and CIOs must be flexible to provide agility to their companies, at the cost of being ignored in case they do not do that. You must bear in mind these words: Organization, agility and cost savings. The new IT administrator must think out of the box.
Cloud Computing is the tool. Security, speed and low cost are weapons for companies and for these IT administrators. Cloud Computing is the foundation for the delivery of necessary solutions for any modern company that needs to be competitive. Big data, mobility and social, and any new technology which represent technological or business advantage for companies will be executed in a secure way on the cloud.