SLAs and outages associated with cloud haunt the CIOs: Websense
“While industry is beginning to see some optimism around adoption of cloud, two key deliverable SLAs of uptime and risks of outages associated with cloud still haunt the CIOs,” says Surendra Singh, Regional Director, SAARC and India, Websense, in an interview with Mohd Ujaley
What changes are you noticing in enterprise security with the evolution of cloud?
It is true that Cloud has helped in improving the efficiency of the functioning of organisation. It also has a profound impact on the cost, return of investment of the small, medium and large enterprises. However with the rise of cloud, even the security challenges have risen.
As the Cloud gains more data, organisations are facilitating the access of this data through various kinds of devices, whether desktop, tablet or mobile. Because of this, we will see criminals going after the mobile device – not to simply crack a phone code and steal data from the device itself – but as a vector into the growing data resources that the devices can freely access in the Cloud.
With the auto-login capability of mobile apps, mobile devices will increasingly be targeted for broader credential-stealing or authentication attacks to be used at a later date. These attacks will use the phone as an access point to the increasing Cloud-based enterprise applications and data resources that the devices can freely access.
What should a cloud company do to gain the confidence of CIOs?
While industry is beginning to see some optimism around adoption of cloud, two key deliverable SLAs of uptime and risks of outages associated with cloud still haunt the CIOs. As cyber warfare against enterprises grows more brutal by the year, cloud computing technology is also at risk for cyber attacks such as malware and phishing. Cloud storage tools have been subject to notable cyber threats, subsequently compromising the data stored on the cloud by users. As the enterprises are still not confident of putting all security pieces on cloud, the vendor must be able to offer both pure cloud based services and hybrid kind of solutions. There could be times when the CIOs might want to have an on premise security offering for the head offices and hosted solutions for the branches. Also, the CXOs must ensure the vendors’ back up and service strategy during such snags.
From enterprise demands perspective, what are the key reasons that are driving the demand for enterprise cloud security?
With most of the businesses moving into cloud, cloud security has emerged to become more important than ever before. The instances where miscreants attacking the cloud infrastructure of Target retail, Home Depot and other banks, points to the fact that businesses require to take necessary steps before venturing into the cloud. Earlier businesses were of the misconception that cloud in itself is safe and they would not require any additional security to protect their data residing on cloud. However, this belief among companies is now slowly fading and businesses are now adopting cloud security solutions more vigorously than ever before.
USA and European nations have been the frontrunners in adoption of these technologies and main reasons attributed behind this trend is that the cloud adoption here is high and at the same time they form the favorite targets for the attackers. When one looks at India, it is not far behind in the race and the rate of adoption among them is expected to grow in the coming years.
The cloud security market is experiencing drastic changes where demand for these solutions in some geographic regions is growing rapidly and have recorded above average growth rate. The market demography comprises of seasoned as well as emerging players who offer solutions independently and also combined with cloud provider.
What kind of opportunities do you see in Government’s Digital India and Smart Cities initiatives for enterprise security vendors?
India is witnessing an evolution of Smart Cities due to innovations in information technology and increasing digitalization. The integrated digital foot print created by Digital India and Smart Cities will bring about formidable and increasing demand on resources to defend against the multiplying threat levels and entry points.
While smart cities create new economic and social opportunities; they are also creating an increasingly large attack surface for criminals to exploit as an initial foothold or vector into otherwise well-protected IT environments. The government initiative that seeks to transform the country into a connected economy can be successful only when security of the connected devices is assured.
The increasing synchronization and interpretation of existing digital data and processes within government departments will require maximizing security posture while keeping critical data flowing in such a daunting threat environment. This will also mean that they will have to securely handle an overwhelming volume of data flow while also positioning their security assets to minimize threat event opportunities.
