Security and the Cloud: Closing the Gap as the Market Grows

Monday, September 22, 2014

John Hawkins


The cloud is a major presence in technology news and a trending topic that seems to pop up everywhere these days. The cloud certainly has the potential to transform computing across the spectrum, from individuals to SMBs to multinational corporations and is rapidly becoming an essential part of the way companies do business.

Many IT decision makers feel pressure to adopt the cloud for the sake of not being left behind. But moving to the cloud is usually easier said than done. As with any technology advancement, there are growing pains. Each company has a unique portfolio of IT assets as well as specialized business objectives, all of which adds complexity to the process of moving from legacy systems to the cloud.

The Cloud Services Market is Growing

The market is strong for public cloud services; recent Gartner research projects the public cloud IaaS market to grow cumulatively to $128 billion dollars from 2014 to 2018. That computes out to a robust compound annual growth rate (CAGR) of 35 percent. In addition, private cloud adoption is forecasted to reach 72 percent in 2014. In just a couple of years, private cloud will give way to hybrid cloud; by 2016 at least 50 percent of large enterprises will have a hybrid cloud solution in place. The cloud is big business

with seemingly little in the way to stop its forward progress, and everyone wants in on the action. So it’s not surprising that service providers, system integrators and others are scrambling to capitalize on the hyper growth of cloud.

Interestingly, while these numbers show tremendous growth in cloud there are other data points that show a different side. In another study, also by Gartner, the size of the market for cloud security appears to be trailing behind other cloud services. Cloud security was a minimal $2.1 billion in 2013 and estimated to grow to only $3.1 billion by 2015. While this represents solid growth, it doesn’t come close to the CAGR of the overall cloud market. We could draw a lot of conclusions from the data, but one thing we know for sure is that while the cloud is growing at a breakneck pace, it’s not without barriers to entry. Security concerns, and a lack of secure solutions, could easily put a damper on cloud growth.

In a separate report published by KPMG, survey data relates that 48 percent of enterprise leaders are concerned about general loss of control in the move to the cloud, while 42 percent are concerned that there isn’t an optimal method for migrating corporate data and workloads to the cloud. In fact, 42 percent related that moving existing infrastructure is too complex. Finally, 39 percent have concerns related to the loss of data and privacy.

Taken together, these data points clearly indicate a common fear amongst leadership: by going to cloud, businesses are worried about losing corporate intellectual property and wasting resources. It isn’t a great leap to hypothesize that the lack of investment in cloud security innovation could be hindering the growth of cloud adoption. From the executive’s perspective, the value proposition of moving to the cloud isn’t always clear. If risk factors are deemed too significant, the potential benefits of cloud adoption become a moot point, however enticing they may be.

Tackling the Migration of Workloads to the Cloud

Disparities between the desired state of the cloud and the enterprise class cloud services that are currently available from service providers come to be viewed as flaws in the technology. Adoption slows as IT decision-makers wait for integrated and complete solutions they can trust. For example, one major component still not universally available is automated migration of workloads to cloud. Commonly referred to as cloud onboarding, it is the process of moving a workload from one cloud provider to another. Most providers are still onboarding customer workloads using manual methods that are extremely expensive and labor-intensive; it can cost thousands of dollars to move a single workload.

Today, there are a few companies tackling the challenge of streamlining the migration of workloads to the cloud. These are SaaS-based solutions that automate the core processes of cloud migration. Until recently, these SaaS solutions required the workload to be extracted from the source environment and moved into the control plane environment in order to execute the conversion process. Unfortunately, with this approach, all workloads would have to traverse the public Internet in order to be converted and deployed into the target cloud—creating a significant vulnerability. In hybrid cloud models, workloads frequently move between private and public clouds; clearly, a secure methodology is critical.

Besides the obvious risk involved in moving any data across the public Internet, compliance requirements and legal standards play a significant role in cloud security concerns. When migrating workloads to the cloud, there are a variety of acts and policies that need to be considered and adhered to with regards to data security. For instance, the Health Insurance Portability and Accountability Act (HIPAA), which stipulates that all sensitive patient information must be kept private and that specific steps must be taken to ensure data security at all times. Likewise, Electronic Medical Record compliance mandates that cloud servers require proper authentication to access medical data.

Any business that processes sales and payments online must use Payment Card Industry (PCI) compliant technology. Businesses must also consider Sarbanes-Oxley (SOX) compliance, including requirements around securely maintaining and backing up appropriate log files and documentation.

Many enterprises have additional considerations specific to their industry, supply chain relationships, or contractual obligations. Beyond being able to prove complete security coverage for compliance purposes, a strong security posture protects brand reputation and provides a competitive advantage.

Closing the Cloud Migration Security Gap

Unique SaaS-based solutions are emerging that will close the cloud migration security gap. In this approach, a source modeler (cloud appliance) is deployed into the target private or public cloud.

Leveraging an existing direct connection between the source and target cloud environments, the workload attributes are collected and sent to the SaaS control plane. Based on the attributes, a set of VMs equal to the source are created and deployed to the target cloud datacenter. The workload data is then collected directly from the source, overlaid onto the target VMs, booted and deployed into the cloud.

By moving data within the trusted network connection, the need to leverage the public Internet to transfer server data is completely avoided. Such an approach mitigates security concerns associated with migrating workloads from a source datacenter into public and private clouds, as well as issues associated with data sovereignty, which in and of itself represents another gap in cloud technology.

In addition to maintaining a high level of security throughout the migration process, this approach increases the speed with which workloads can be moved. It is no longer necessary to open tickets with network administrators to edit WAN settings in order to access source servers. The control plane has enough information to identify bottlenecks and trouble spots in the migration process, further streamlining the process and ensuring a higher global quality of service.

Bridging the Technology Gap

Innovations in cloud migration security will be a boon to enterprises eager to begin migrating workloads from a source datacenter into private or trusted private clouds, but concerned about security and compliance issues. Faster, automated, and secure migration solutions will accelerate the growth of the private cloud market by enhancing efficiency and building confidence in a fairly new and often complex process. Bridging technology gaps paves the way for increased cost savings, enterprise agility, and further innovation.


John M. Hawkins is a Senior Director of Services at RiverMeadow Software. Hawkins has more than 20 years of Software IT/Consulting experience.

Cloud Security
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.