Jim Reavis, co-founder and executive director of Cloud Security Alliance (CSA), said traditional IT security practices have always been black and white in that tech departments know they have complete control over the company's hardware and infrastructure.
In knowing this, they can develop their own security regime or outsource it to a third-party provider completely, Reavis added during the CloudSec 2012 conference held here on Wednesday.
With cloud computing though, IT security has become more "grey" as traditional practices no longer apply. Companies and their IT teams will not know which part of the infrastructure they have control over and will have to work with service providers to ensure their systems are safe, he noted.
For companies that persists in the old mode of provisioning security for cloud-based IT systems, they will discover that such practices would hinder the scalability, agility, and lowered costs that cloud computing promises to deliver, noted Dave Asprey, global vice president of cloud security at Trend Micro.
The executive, who was also present at the CloudSec conference Wednesday, added IT departments are not being aggressive enough in adopting new technologies, particularly during the migration to cloud. For instance, when moving from physical to virtualized servers, companies will have to navigate through different components of an integrated IT environment such as public cloud services and desktop virtualization. In doing so, they end up deploying a glut of security products to protect the individual deployments.
Such actions, Asprey noted, negate the benefits of moving to cloud as they lower security, increase total cost of ownership, and make their IT systems more complex to manage.
Organizations should opt for a single management console or craft an integrated security model instead, he suggested. This model must enhance security across all systems at the same time, provide visibility to each component of the infrastructure, and have automated patching for the virtualized servers, he said.
Timothy Grance, senior computer scientist at National Institute of Standards and Technology (NIST), added during the conference that, above all, business factors must be considered alongside security. These include evaluating and understanding service level agreements (SLAs), he said.
Companies should also not be paralyzed by potential legal, security, and technical issues during the migration process in order to fully realize the potential of cloud computing, Grance urged.
Juniper Networks banking on India rebound
India's telecommunications industry has been through tough times with steep competition and regulatory complications and uncertainty, but it will emerge from these challenges to recover and companies such as Juniper Networks is poised to benefit from the upturn.Douglas Murray, senior vice president for Asia-Pacific at Juniper Networks, told ZDNet Asia in a recent interview that 2012 has been a particularly difficult year for India-based telcos because of steep industry competition and policy complications from the revoking of existing 2G spectrum licenses earlier in February.
These were key reasons why there was a drop in the networking equipment maker's Asia-Pacific revenue in the second quarter, which slid 12 percent year-on-year. This dragged the wider group revenue down by 4 percent to US$1.07 billion for the three months ended June, Murray stated.
"The enterprise segment was fine, but for service providers, demand slowed down in 2012. However, over the next few quarters it should pick up," he said.
The senior vice president noted that competition among operators mean more of them need to start upgrading their networks to stay in the game. "As a result of all the competition, the service providers will seek to become more efficient in running their businesses, [and] that's where spending on new networks will come in," he said.
Murray was more bullish on the Chinese market, despite a wider slowdown in the economy expected for the rest of the year. Mobility and cloud computing are two areas that would still see strong growth despite the decelerating economy, he said.
As for the industry shift toward software defined networks, the executive said the company was well-positioned for it and played down the threat posed by VMware's acquisition of network virtualization company Nicira in July. This comes amid speculation that the merger would eventually erode business for equipment makers like Juniper Networks.
He noted the move was complementary to what his company has been pushing for and has been investing in with its own network operating system, Junos.
Mobile security lacking
Murray added that in terms of mobile security, companies are still not spending enough on creating and implementing mobile security policies that address the rapid growth in mobility and bring-your-own-device (BYOD) trend.
He cited examples of how employees of companies he has consulted raising serious security breaches due to the difficulty of following protocols or not understanding them as a result.
The executive reiterated what IDC analyst Tim Dillon said in May, when he pointed out many companies are not allocating enough resources to secure employees' mobile devices.
It will be difficult to change people's mindsets regarding mobile security, and it would take enterprises willing to face the challenge head on or mobile operators taking the lead to ensure traffic running through their networks are clean to improve the situation, Murray said.
Otherwise, it might take a "bad" security breach to an enterprise to shake the industry up and jolt others into paying more attention to mobile security, he added.
No comments:
Post a Comment