Multiple Perspectives on Security

Security Journal


Security Journal Authors: Elizabeth White, Yeshim Deniz, Pat Romanski, Maria C. Horton, Liz McMillan


Cloud Computing: Article

Invest 15% of Cloud Savings in Security

Want to save more? Be ready to spend more.

There is a talk that I've given a few times with very good response: "How Cloud Computing -Improves- Security". We go into detail on all the areas where cloud providers have (or should have) gone the extra mile relative to the datacenter a customer runs in-house, and how, with a solid partnership with your provider, a cloud can be more secure than what you have in-house. One of the things we discuss during that talk is how users of cloud need to be prepared to spend more on security and compliance to get the level of comfort and risk management they are used to.

The number I like to use is 15%: for each dollar you save by making a move to cloud computing, you should invest 15 cents to improve security and increase compliance efforts. The top areas of focus for most should be application security and real-time monitoring efforts. The security levels that (you thought) worked in your internal datacenters do not necessarily work in the cloud.

Why spend more on application security and monitoring if the cloud is more secure? Because your applications and systems were likely designed to fit the model of your internal datacenter: a hard outer shell and a warm squishy center. Although most security professionals turned against that model a long, long time ago in favor of a layered approach, it's the model that persists in most organizations today. True layered security is expensive and, unfortunately, most outside the security community consider it overkill in enterprise environments.

As you plan for a move to cloud, be prepared to invest up front to improve the security of your applications and systems before just dropping them onto the cloud. Amortize your up-front costs using the 15% saved model, and then be prepared to continue to re-invest that 15% going forward.

Notice: This article was originally posted at by Scott Sanchez and is his personal opinion.

Copyright 2010 Scott Sanchez, All Rights Reserved.

More Stories By Scott Sanchez

A recognized thought leader on cloud computing, enterprise architecture and security, Scott Sanchez is a jack of all trades who has held strategy and leadership roles at Goldman Sachs, Bristol-Myers Squibb, Unisys and a number of technology startups along the way.