There is a talk that I’ve given a few times with very good response – “How Cloud Computing -Improves- Security”. We go into detail on all the areas where cloud providers have (or should have) gone the extra mile relative to the datacenter a customer runs in-house, and how, with a solid partnership with your provider, a cloud can be more secure than what you have in-house. One of the things we discuss during that talk is how users of cloud need to be prepared to spend more on security and compliance to get the level of comfort and risk management they are used to.
The number I like to use is 15% – that for each dollar you save by making a move to cloud computing, you should invest 15 cents to improve security and increase compliance efforts. The top areas of focus for most should be application security and real-time monitoring efforts. The security levels that (you thought) worked in your internal datacenters do not necessarily work in the cloud.
Why spend more on application security and monitoring if the cloud is more secure? Because your applications and systems were likely designed to fit the model of your internal datacenter – a hard outer shell and a warm squishy center. Although most security professionals hated that model a long, long time ago in favor of a layered approach – it’s the model that persists in most organizations today. True layered security is expensive and unfortunately, most outside the security community consider it overkill in enterprise environments.
As you plan for a move to cloud, be prepared to invest up front to improve the security of your applications and systems before just dropping them onto the cloud. Amortize your up-front costs using the 15% saved model, and then be prepared to continue to re-invest that 15% going forward.
[...] By Scott C. Sanchez, 1-19-2010 This blog was reposted from “Cloudnod.com“. [...]