Customer fears around cloud security should be a serious concern for resellers struggling to tap into what is heralded by analysts and vendors alike as a growing market.
Worries about security and privacy are the flipside of the cloud coin, which offers the benefits of flexibility and operational efficiency, and according to Forrester’s research are having an impact on the movement to the could.
In its How secure is your cloud? research the analyst house concluded that there had to be better ways of evaluating the risks of a hosted solution and the pressure was on IT professionals and resellers to provide that advice for customers.
“It security professionals must develop better ways of evaluating the security and privacy practices of cloud services,” stated the report.
Forrester recommended that an assessment of the suitability of a cloud solution should include: data protection, compliance, privacy, identity management, secure operations and other related security and legal issues.
The report quoted Steve Whitlock, board member from the Jericho Forum, who said that although it saw the benefits of the cloud it could also identify the “risks, security issues and interoperability issues”.
As a consequence the analyst house believes the pressure on those looking after security for customers will be to move away from focusing purely on operations to a compliance and requirements-focused job
Forrester also called for more agreed industry standards to make it easier for vendors to make collaboration between different vendors and products more straightforward.
Recent research from Websense showed a number of IT security managers were taking a laid back attitude towards staff using web 2.0 tools that they had no control over outside of the office.
Significant numbers of companies admitted they were failing to screen web sites, could not prevent URL re-directs and could not detect embedded malicious code on trusted sites.
All that provides a picture of a failure by many companies to protect against the web in its current form before any deployment of cloud-based services.
Plus, when it comes to selling hosted security products Ian Kilpatrick, chairman of Wick Hill, said that there still remained some work to be done to increase involvement from the channel.
“For cloud security to succeed the channel is key, resistance from the channel to cloud security for SMEs has already shown itself in the low base that cloud security has, despite being around for many years,” said Kilpatrick.
“Interestingly large parts of the security environment are suitable for a cloud security approach - firewalling, VoIP security, web and email, two factor authentication, anti virus, remote end point security all fit fairly well into the cloud security approach,” he added.