Cloud computing poses unique security challenges for organizations, and multiple industry surveys have shown that security and privacy are among the key concerns of executives considering the cloud.
To address the challenges of securing the cloud, the Cloud Security Alliance (CSA), a not-for-profit organization made up of cloud vendors, user organizations and other key stakeholders, is developing the concept of cloud-specific "security incident-response teams" (CloudSIRT). Security executives and industry analysts say the initiative is a good move and should help bolster security in the cloud.
For many, the threat of security breaches is the biggest reason why they're reluctant to embrace cloud computing. IT and security executives still aren't convinced that service providers can adequately safeguard their data, particularly when it comes to using public cloud services for business transactions.
Some of this apprehension might be justified. In one of the latest industry surveys on cloud computing, conducted by security services provider Trend Micro in June, 43% of the respondents said their enterprises had experienced a security "lapse" or other problem with their cloud vendors within the past 12 months.
The company queried 1,200 IT decision-makers in the U.S., the U.K., Germany, India, Canada and Japan. According to the survey, respondents said the top barriers to adopting cloud computing are concerns about the security of data or the cloud infrastructure (50%), and concerns about performance and the availability of cloud services (48%).
Another report, released in June by research firm 451 Group, venture capital firm North Bridge Venture Partners and research firm GigaOM Pro, shows that many organizations are still in the early stages of cloud adoption or are taking a wait-and-see approach.
In that survey, 40% of the 413 respondents, including both IT professionals and vendor personnel, said they are only beginning to experiment with a move to the cloud. Another 26% said they are awaiting market maturity before adopting a formal cloud strategy.
Taking a Team Approach
CSA is aiming to quell many of the concerns about cloud security and privacy by promoting the use of best practices for cloud security and providing education on using the cloud to help secure other forms of computing.
In January, the organization began pushing the idea of CloudSIRT, an initiative in which major cloud providers are working to address the future of collaborative incident response and information sharing in the cloud.
The CSA's premise is that SIRTs form the cornerstone of coordinated incident response and security information sharing for government agencies and enterprises, and that the model has worked well for handling malicious activity on the Internet.
But the organization says the advent of cloud computing has created a new set of challenges. The characteristics of cloud computing, such as multitenancy, resource sharing and on-demand provisioning, have the potential to complicate traditional response team operations. As a result, new types of teams are needed, it says.