What makes cloud computing so unique -- how it stores huge amounts of data, helps companies get new offerings up and running quickly, dishes up any service to anyone anywhere -- is exactly why it’s so vulnerable.
Because when a hot new app running on the cloud ramps up from 50 people to 50,000 in just a few days or a collaboration service, which lets employees share ideas worldwide, takes off, success can suddenly become a problem.
Managing registrations and logins for thousands -- or even millions -- of people can create massive new privacy challenges. The rush to climb on the app bandwagon may leave a company open to security breaches. And tracking that only the right people have the right data or programs can create new headaches.
Which is why old security approaches just won’t work when it comes to this new technology. The cloud can grow so quickly and programs, data, devices, and people can be added so rapidly that the only security really up to the job is one that’s automated, fast, and analytical.
Because security teams need to be able to discover and manage weak points across a much wider range of databases, applications, and devices than in the past, rather than just a contained corporate network or online store. Which is why leading-edge companies are turning to security intelligence to proactively recognize the conditions that can lead to an attack -- so they can nip the problem in the bud.
This kind of security intelligence depends on monitoring and pulling together data from across the cloud about a variety of things: whether it's which server or firewall is being added to the system, or alerts that point out employees who are tapping into data that they aren’t supposed to see -- and then applying real-time analytics.
That means that companies need to have sound administrative control over who has access to what data in a company. And they need to be able to coordinate and track the technology changes they’re making. These are no mean feats, but they create the foundation for applying analytics, which is where the best organizations are standing out from the rest when it comes to the cloud.
And it's not just for business, because secure clouds can help governments run more efficiently. Today at the 2013 Federal Cloud Innovation Forum: Innovation Without Risk forum here in Washington, we are announcing a new IBM Federal Cloud Innovation Center dedicated to helping federal agencies and other public sector organizations advance the adoption of cloud computing across the government. The new center, located in the District, will bring IBM’s cloud computing research efforts closer to federal agencies to develop specialized technologies and methods for building mission-ready, secure clouds.
All of these efforts are important because the cloud only looks simple. It’s complexity requires an analytical approach to security. Making the cloud secure is more than just tracking who (or what device) is using which data or program. True security means pulling together many different streams of information, such as the flow of data or use on specific servers or devices, and analyzing this portrait of the communications happening on the cloud to weed out real threats from false ones and squelch breaches before they happen.
We should think about the cloud, its reliability, and its security. Because the cloud opens us all, as individuals and organizations, up to new risks. But that’s the reality of every transformative technology as it comes, from the Web to cell phones. The issue isn’t shutting ourselves off from these innovations, it’s figuring out how to be smart about how we use them.
Steve Robinson, VP of Development, Product Management and Strategy, IBM Security Systems Division
Steve Robinson is the Vice President of Development, Strategy, and Product Management for the IBM Security Systems Division and is responsible for a broad portfolio of commercial security solutions that help IBM clients. He has held many executive positions in sales, technical services and product management. Steve earned his undergraduate degree from Wake Forest University and his MBA from Duke University.