Security in the Cloud: The Business Challenge
Cloud solutions fundamentally shift the way that computing services are delivered.
Ten years ago we would have never thought about security in the Cloud. If you think about where you were a decade ago with Information Technology, you’ll remember it was a time before server farms, before the rise of SaaS (software-as-a-service); before many of the protocols we use as standards today. It has always been an ever-evolving system of innovations, improvements and, yes, challenges.
We’ve all received that 3am emergency call, and we all have that stack of priority to-dos that never seem to get done, and whether it’s staff, budget or resources, we’ve all been asked to do more with less But, still, the powers-that-be expect the same level of innovation and iron-clad operation. It is in that same thought that the idea of security-as-a-service, nee, security from the Cloud, presents itself as the next wave in the obvious evolution in protecting your IT assets.
“The Cloud?” “There’s no control in the Cloud.” “The level of protection can’t be as secure as my own home-grown system.” “I’ve invested too much money to change.”
These were variations of the same arguments we had ten years ago before companies developed enterprise server farms, outsourced CRM and ERP to offsite services, etc. We’ve all reaped the benefits from these innovations and paradigm shifts. I think we can dispel the issue that the Cloud is a fringe component of your overall strategy.
Gartner predicts that the total worth of the Cloud computing market will rise to more than $150 billion by 2013. Merrill Lynch agrees. In fact their estimates are slightly more. But that isn’t security-as-a-service you say…well, it will be. So let’s explore why it is already the new paradigm.
Although there are many facets to an enterprise Cloud-based security strategy, let’s focus on identity management, but in particular, access management and user provisioning. Regardless of the function, we all can agree on one thing: traditionally, when it comes to enterprise security, having it is expensive. It is expensive to purchase, expensive to acquire, expensive to license and expensive to procure hardware. Often it is necessary to hire security experts for the implementations which can be quite extensive and long.
As we realized with Cloud-based applications, migrating centralized control of the security features to the cloud realizes an equivalent savings. The cost reductions can be staggering. Just the implementation costs alone (a 2:1 or 3:1--sometimes higher—ratio of professional services costs to software licenses in traditional physical deployments) are cost prohibitive for many organizations.
Cloud-based security can be the great equalizer. With no hardware burdens or software licensing issues, even a $25 million per year company can enjoy the same degree of protection as a Fortune 500 enterprise.
Consider the whole of password management. Results published by Enterprise Management Associates (EMA), estimates that organizations maintain passwords for each of their users at an average cost of $250 every year. What does that mean for your 10,000 employees? That’s a total annual cost $2.5 million—just to maintain password control. However, SSO (single sign on) provides the benefit of centralized password management, which costs much less as compared to the annual costs mentioned above.
Laura Paoletti holds a Bachelor of Science Degree in Computer Information Systems and has been the Vice President of Information Technology at NBC-Universal and Disney ABC Television. She has also held positions at Ernst & Young LLP in the Technology practice. In her role she has been responsible for Applications, Infrastructure and Digital Media. Some of her notable accomplishments include the implementation of applications for Digital Media, Marketing, Finance, Manufacturing (supply chain), Sales and Consumer Products; Implementation of Enterprise Data Warehousing/Business Intelligence systems; Data Center management, including hardware, storage strategies, digital libraries and data center expansion; Implementation of a Project Management office; and Business transformation from a tape to a tapeless environment (digital media). See here for all of Laura's Tom's IT Pro articles.