Cloud Adoption Can Boost Security for an SMB

When it comes to adopting delivery models such as the cloud, one of the biggest concerns for small and midsize businesses (SMBs) is security. However, it is unclear whether those concerns are founded. Cybercrime is increasing, and not just because of increased cloud adoption.

I cannot remember many situations in which the cloud has been the root cause of an attack. Distributed denial-of-service attacks, SQL injections and cross-site scripting are usually used to attack enterprises, and zero-day vulnerabilities have also been exploited inside enterprises.

Though utilizing a security service is an additional cost, it is now mandatory for organizations of all sizes. An enterprise might as well not exist if it isn’t on the Internet — and if you are on the Internet, you are exposed to cybercrime. This is even more important for an SMB, which must invest in innovation while operating on a very limited budget.

For the aforementioned reasons, investing in security is vital.

The Cost of Security and Innovation for an SMB

It is important to consolidate the needs of innovation with the cost of upholding security, data resiliency and your infrastructure. Usually, the cloud is the answer, and the shift from an on-premises system to the cloud should be undertaken with attention to security.

In fact, once you decide to move some of your workload to the cloud, your cloud environment could be considered even more secure than your on-premises systems if users and providers adapt the concept of security to the new delivery model. It is important that providers and users understand that the new concept for security needs to be flexible, not static. Like all cloud services, this concept needs to be more automatic and less manual.

In this case, the enterprise's investments can be minimized, and the enterprise can rely on the skills and technologies of vendors to deliver those services. This is typical of cloud service providers for different types of workloads and security.

What to Consider When Moving to the Cloud

Understanding who is accessing the cloud from anywhere at any time is likely one of the biggest concerns for companies considering a move to the cloud. Inside an enterprise, identity and access management refers to identities and resources within the enterprise. When moving resources to the cloud, you risk losing control of who is accessing what. It is important to maintain a consistent level of control, even if you are accepting some natural standardization. It is also important to ensure the management of identities and resources in the public cloud is synchronized with the management of resources and identities inside the enterprise.
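One way to check that cloud identities stay synchronized with the enterprise directory, shown as an added example that is not part of the original article. The record layouts, user names and role names are constructed assumptions standing in for exports from a real directory and a real cloud provider.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class EnterpriseIdentity:      # hypothetical export of the on-premises directory
    user: str
    active: bool
    roles: frozenset

@dataclass(frozen=True)
class CloudAccount:            # hypothetical export of the cloud provider's IAM
    user: str
    enabled: bool
    roles: frozenset

def reconcile(directory, cloud_accounts):
    """Return sorted (user, issue, detail) findings for enabled cloud accounts."""
    by_user = {i.user.lower(): i for i in directory}
    findings = []
    for acct in cloud_accounts:
        if not acct.enabled:
            continue  # disabled cloud accounts cannot be used to sign in
        ident = by_user.get(acct.user.lower())
        if ident is None:
            findings.append((acct.user, "orphaned", "no enterprise identity"))
        elif not ident.active:
            findings.append((acct.user, "stale", "enterprise identity is disabled"))
        else:
            extra = acct.roles - ident.roles  # access granted only in the cloud
            if extra:
                findings.append((acct.user, "role-drift", ",".join(sorted(extra))))
    return sorted(findings)

# Constructed sample data, not taken from any real environment.
DIRECTORY = [
    EnterpriseIdentity("alice", True, frozenset({"finance-read"})),
    EnterpriseIdentity("bob", False, frozenset({"sales-read"})),
    EnterpriseIdentity("carol", True, frozenset({"hr-read"})),
]
CLOUD = [
    CloudAccount("Alice", True, frozenset({"finance-read"})),
    CloudAccount("bob", True, frozenset({"sales-read"})),
    CloudAccount("carol", True, frozenset({"hr-read", "storage-admin"})),
    CloudAccount("contractor7", True, frozenset({"storage-admin"})),
    CloudAccount("dave", False, frozenset()),
]

if __name__ == "__main__":
    for user, issue, detail in reconcile(DIRECTORY, CLOUD):
        print(f"{user}: {issue} ({detail})")
```

Running a comparison like this on a schedule, rather than by hand, fits the article's point that cloud security controls should be automatic rather than manual.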

On the other hand, identity management is one workload that can typically be moved to the public cloud. Moving to the cloud can also let enterprises leverage different authentication mechanisms that are already available. Therefore, moving to the cloud doesn't just increase security; it may also reduce the cost of the service itself.

Protecting Against Exploits

How is it possible to fix vulnerabilities and defend against attacks before the vulnerabilities are exploited? Data is the element of the service that often represents the business and is typically the workload moved to the cloud. In this case, it is also important to assess the level of confidentiality the data should have and plan for maintaining that level of protection.

How can we obtain a comprehensive view of the cloud and traditional environments? Inside an enterprise, it is possible to control all the events and flows and relate them to possible offenses. But what if some services are provided from the cloud? This implies that attacking a service provider is enough to attack the enterprise that contracted it. In this case, what is important is that events and flows from the cloud are integrated into the security intelligence framework designed for the enterprise.

Moving to the cloud is possible, and possibly more secure — just be sure to consider security during the shift.

Domenico Raguseo

Technical Sales and Solutions Leader in Europe, IBM Security

Domenico Raguseo is currently Manager of Technical Sales in Europe for the Security Systems Division. He has over 15 years of management experience in different areas. Domenico also cooperates with several universities by teaching Service Management and Cloud Computing. Since 2010, Domenico has been a member of the Educational Scientific Council for the Master in IT Governance at the University of Rome La Sapienza (http://w3.uniroma1.it/mastersicurezza/index.php/master-itgov/direzione). At IBM, Domenico was certified as an IBM Master Inventor for his multiple patents and publications in several disciplines (Business Processes, ROI, Messages and Collaborations, Networking). Finally, he is a speaker on Information Security Management, Service Management, Cloud Computing, Energy Optimization and Smarter Planet at several national and international events.