Security Holes in the Cloud
Many organizations do not have the tools and expertise to manage cloud security properly.
There are obviously a lot of concerns when it comes to the security of cloud computing services, but not too many folks have been all that specific about what their concerns really are. To find out, the folks at The Ponemon Institute surveyed 682 IT professionals on behalf of Dome9 Security, a provider of a firewall management service, to determine what specific security issues were delaying or preventing their adoption of public cloud computing services.
It turns out that the primary issue is not so much the quality of the security of these services as much as it is figuring out how to manage the ports that give people access to those remote servers. When it comes to commodity cloud computing services such as Amazon, the onus of managing and securing the environment falls squarely on the shoulders of the customer. But Larry Ponemon, chairman of The Ponemon Institute, notes that most companies don't have the technologies or processes in place to actually do that.
Dave Meizlik, Dome9 vice president of marketing and business development, says that Dome9 Security is trying to address this very issue with a service that allows IT organizations to remotely manage firewalls that come embedded in servers deployed in cloud computing environments.
While security concerns in the cloud go beyond the opening and closing of ports, the fact remains that security in the cloud needs to start with the fundamentals, which, no matter how you look at it, come down to who has access to what server and when. That may not sound like rocket science, but as it is with most things security-related, it's usually the small stuff that goes a long way to mitigating a huge percentage of the problem.