New Types Of Cloud Need New Types Of Security

Small enterprises getting in on the act

A reliable cloud security service is becoming a viable option for smaller enterprises. Eric Maass, CTO of Rhode Island-based Lighthouse Security Group, which makes a cloud security gateway, designed and deployed the cloud-based identity-access management system used by the U.S. Air Force.

“Because of compliance issues that are kind of raining down, we’re seeing midrange and SMBs trying to become PCI- or SOX- (Sarbanes-Oxley Act-) compliant. And they’re being asked to step up their security to do business with Fortune 500 companies,” Maass told eWEEK. “They’re trying to figure out cloud security internally for the first time, and the approach of throwing lots of bodies, time and money at the problem to see what sticks is not amenable to organisations of that size. Large companies can do it, but smaller ones don’t have the budget or expertise.”

The obvious answer is a cloud-delivered security service of some kind that is flexible enough to work within a firewall and with public cloud services.

New markets

Forrester Research projects that the cloud security market will grow to $1.5 billion (£950 million) by 2015, resulting in a shift that will disrupt what Forrester calls the “security solution ecosystem.”

In a report entitled “Security and the Cloud,” Forrester analyst Jonathan Penn predicted that rather than reallocating portions of existing security budgets to cloud computing, organisations will allocate money to security within cloud projects, creating “a whole new category of revenue for the security market.”

“I’d still say that there’s a lot more activity on SaaS (software as a service) enabling security solutions—security in the cloud—than solutions that secure cloud,” Penn told eWEEK.

“Concerns about cloud security have grown in the past few years,” he added. “In 2009, the fear was abstract: a general concern, as there is with all new technologies when they’re introduced. … Today, however, concerns are both more specific and more weighty. We see organisations placing a lot more scrutiny on cloud providers as to their controls and security processes, and they are more likely to defer adoption because of security inadequacies than to go ahead despite them.”

In the report, Penn wrote that the areas most likely to provide opportunities in the cloud for vendors are data security, identity and access management, cloud governance, application security and operational security.