Infographics: Cloud Computing Market Overview – 2017

Cloud-security

Amazon Web Services Continues to Dominate the Cloud Infrastructure: According to Synergy Research Group’s report, not much has changed in 2017’s cloud infrastructure leaderboard. The paramount benchmark of 34% cloud share for AWS left behind the richest IT Company Microsoft at 11%, while IBM and Google at 8% and 5% respectively. In the wake of tremendous technological development, where Technology has spread its unforeseen wings, manufacturers continue to feed on the long term consumption plan development by engulfing consumers into IoT and cloud services. With Technology field showing the highest consumption of over 78.20%, other cloud consuming industries have surfaced with almost negligible indexes, namely Consumer Services 10.49%, Consumer Goods 6.21% and Finance 5.1%.

Tech Experts Forecast an Unprecedented Upsurge in Global Public Cloud Services: The world, where virtual realities have started to take precedence over the concrete ones, predicts a blasting expansion of cloud services in the upcoming years. Rapid expansion of cloud infrastructure due to the era defining fields of Web services, IoT and Artificial Intelligence is likely to surface soon. With the current capital of over $260 Billion, it aims to expand at least with a massive $50 Billion capital inclusion per year in the coming years. See below infographic for more details.

Cloud-Computing-Market-Overview-2017

Share this Image On Your Site

Top 6 Disruptive Trends: Shaping the Future of Public Cloud

ccom
Talking of public cloud, provisioning storage, launching VMs and configuring networks are no more cutting edges. New IaaS capabilities enable enterprises to operate their workloads in the cloud. Innovative Cloud services are helping organisations drive transformation through agility, cost effectiveness and reduced IT complexities. With IaaS evolving at a rapid rate, the public cloud is seemingly gearing up to the next level.

Cloud providers have already started investing in emerging cloud technologies that will deliver managed services to the customers. Here are six disruptive trends that are shaping the future of the public cloud.

Serverless Computing:

Serverless Computing or more precisely, FaaS(Functions as a Service) focus on code instead of infrastructure – delivering what PaaS promises. It enables developers to write modular functions that perform one task at a time. By writing and executing multiple such functions, a meaning and complex application is built. The best part is, it allows developers select framework, language and runtime of their choice instead of using a particular platform. This implies, each developer has liberty to choose his preferred language and deliver a module.

Serverless Computing or FaaS is rapidly becoming the most preferred way of running code in the cloud.

Blockchain as a Service:

Bitcoin is considered dead long ago, but the technology behind it is alive and kicking to make public cloud all the more powerful. Blockchain is a cryptographic data structure used to create a digital ledger of the transaction happening across distributed networks of computers. It eliminates the need for central authority as cryptography is the only medium to manipulate ledger. However, in this environment, transactions are immutable meaning operations once made cannot be modified. Transactions are verified by the parties involved in the transaction.

Blockchains have many use cases in the domains spanning across manufacturing, finance, healthcare, supply chain and real estate.

Cognitive Computing:

Cognitive Computing adds human senses to the computers. It simulates human thoughts by applying latest technologies like natural language processing, machine learning, neural networks, deep learning and of course, artificial intelligence.

Multiple factors fuelling the trend of Cognitive Computing are affordable hardware, abundant storage, seamless connectivity and compute capacity.

Heavy lifting needed to process the inputs for cognitive computing is handled by deep-pocketed cloud providers. Only the simplest of APIs are exposed for the developers to comprehend and build compelling interfaces for applications.

Data Science as a Service:

Managed NoSQL and relational database started data revolution in the cloud but Hadoop and Big Data empowered the public cloud.

Public Cloud Data Platform takes care of everything spanning from data ingestion to processing, analysis and visualisation. Machine Learning for data enables organisations to tap the power of data analysis and execute predictive analytics.

As organisations are shifting data to the public cloud, they will be catered with an end-to-end approach by the cloud providers for more actionable insights to customers.

Verticalized IoT PaaS:

Internet of Things – the next big thing that is taking distributed computing network by storm already is deployed by organisations for device management capabilities, predictive analytics, data processing pipelines and business intelligence.

Mainstream cloud providers are reaping the benefits of IoT to drive device management, data processing capabilities and cloud-based M2M connectivity.

It is expected that going forward; the cloud providers will use IoT platforms to target automobiles, retail, manufacturing, healthcare and consumer markets. It is soon going to become the prime enabler for Data Science as a Service.

Containers as a Service:

Containers have already buzzing in the cloud market. Though it is as young as two years old, enterprises are readily using containers alongside VMs.

New categories like orchestration, logging, security, monitoring and container management are evolving rapidly. However, when microservices and container workloads become mainstream, they will increasingly dominate the public cloud deployment space. It is poised to be the fastest growing delivery model in the arena of the public cloud.

In conclusion, it is inferred that future of cloud is dictated by the data driven applications powered by Blockchains and IoT. Containers, Serverless Services and the Microservices will be used to deal with the abundance of data hitting the cloud!

Cloud Computing in Banking Environment

Cloud is a distinct IT environment that remotely provides measured and scalable IT resources, and relies on a pool of shared physical and virtual resources rather than deployment of personal or local software and hardware. Cloud deployment offers great choice in choosing the management required and level of security, and hence is suitable for almost any business. Although there is no magic bullet that can meet all the requirements, cloud computing offers several advantages to the financial institutions. These benefits include:

Cost-saving– The large up-front capital expenditure can be turned into ongoing, smaller operational cost without any bulk investments in new software and hardware.

Business continuity– In cloud computing, the service provider manages the technology, and banking firms can have higher levels of fault tolerance, data protection and disaster recover. Cloud computing also offers a high level of back-up and redundancy at lower cost.

Usage-based billing– Institutions can pick and choose the services based on pay-as-you-go basis.

Business agility– As the cloud is available on demand, the infrastructure investment is minimized, saving the time for initial set-up. The development cycle for the new products is reduced, leading to more efficient and faster response to the customers.

Business focus– Financial firms can move non-critical services such as software patches, maintenance etc. to the cloud, and can focus on their core business areas, not IT.

Green IT– Transferring banking services to the cloud reduces carbon footprint and energy consumption, and there is minimized idle time with more efficient utilization of computing power.

Cloud Service Models

Cloud computing offers more flexible business models to the financial institutions which lowers operational costs. However, it is essential to select the cloud service model that best matches the core business requirements. These models are:

BPaaS– Business Process-as-a-service- Used for general processes such as payroll, billing, human resources etc.

SaaS– (Software-as-a-service) – Users can access the software and data from their browser, and business software and related data are housed by the cloud service provider. Accounting, enterprise resource planning (ERP), customer relation management (CRM), human resource management, invoicing, service desk management and content management software can be delivered using this model.

IaaS (Infrastructure-as-a-service) – Rather than purchasing software, servers, network equipment or data centre space, the businesses can buy these resources as fully outsourced services.

PaaS( Platform-as-a-service) – In this model, the cloud service provider offers a complete platform to the businesses to develop , run and manage their applications without engaging in the infrastructure complexities associated with application development and launch.
visual-model-of-cloud-computing
There are three types of commonly deployed clouds. Private cloud is operated specifically for a given company and is most secure of all options. The company may exist on or off the premises, and can be managed either by the company, or by a third party. Public clouds are for a large industry group or for the general public, and ownership lies with the cloud service seller. Hybrid infrastructure consists of two or more public or private clouds that are linked but remain unique entities.

Banking on the Cloud

Banking industry needs to address the ever-growing data input demands, and there is a need to explore the systems that do not rely on like-system migration so that infrastructure can be modified without any disruption. Banks have been slow in adopting cloud computing as there are apprehensions regarding lack of control and environment sprawl which can lead to reliability issues and security risks. Banks also want their financial data to be secured with controlled access. Public clouds come with the issues such as location, regulation, recoverability and liability, and this has led to slow adoption and deployment of cloud computing in the banking sector.

However, cloud computing can change the way consumers interact with banks, and migration to the suitable cloud computing model offer several benefits. Understanding the migration and entire process of migration can be quite beneficial in the long-term. The first step for the banking firms towards cloud computing adoption is opting for the private cloud as it gives banks more control, increased flexibility and reduced complexity. The banks can also alter their resource configuration to match the changes in the demand of their services. The risk of security breach in the private cloud is minimized as it is deployed within the firewall of the organisation. Using VPN (Virtual Private Network), the IT infrastructure of the company can be easily and quickly moved over a single private network. Using private clouds, banks can operate at high transaction volumes without slowing the processes and without overloading the network. The services become more efficient due to dedicated resources of each unit, improving the customer experience. Private clouds offer safety and affordability as the resources are rented, and not purchased. The total cost of ownership is reduced as the capital expenditure is converted to the operating expenditure. Private clouds are safe, affordable and enable easy transition in banking leading to long term success. Banking sector applications are very critical, private clouds provide increased security to ensure that the data is not misplaced or lost. Public clouds offer economies of scale, cost benefit and ROI, whereas private cloud offers high levels of security.

Given the concerns regarding control and security, banks can opt for incremental approach which involves using cloud computing to the non-core operations initially, and gradually move more and more operations and processes to the cloud depending on the benefits. Banks need to work on cloud reference architecture, and try to achieve business agility for business model transformation.

As there is no one-solution-fits-all option available, banks need to consider few key aspects. It is essential to thoroughly evaluate all the challenges and advantages associated with cloud computing with respect to their complete range of services- core and non-core. Additionally, geographic regulations, penalty clauses, business criticalities, interoperability and interface impact, audit requirement mandates, and technology are some of the aspects that must be thoroughly assessed. Choice of the cloud model must be evaluated based on the control of the governance and support provided by the service vendor. Non-core banking applications that do not need strict governance and stringent monitoring are suited for SaaS model, whereas IaaS is more suitable for the business critical applications that need to be closely monitored. Banks must keep in mind that the vendor must provide transparency in the security procedures and policies.

Conclusion

Banks these days offer a plethora of services, and hence they have varied requirements regarding the movement of applications to the cloud. Cloud computing can help banks create more agile and flexible business offerings for the competitive and growing markets, and help them transform their business processes. They can explore and grow into the new markets and sectors, and improve their services to the customers across different geographic locations, and integrate customer information and analytics.

Computing Everywhere

Modern communication has changed the way people work on their laptops, tablets, smartphones, and even the wearable devices. People work at their own pace and convenience, and office is no longer the place where people congregate to work. The latest communication and computing techniques have broken down the conformity, giving more flexibility, choice and freedom in daily tasks. Automated computing has made the repetitive and tedious paperwork obsolete, making the processes smoother. This is keeping the workers happier and more productive, making them less inclined to leave jobs.

Computing everywhere is similar to IoT (Internet of Things), however the emphasis is not only on online connection, but also on the working interface on the regular objects. Essentially, users can manage the content on different interconnected devices. Apple watch and Google Glass can both be considered as the latest additions to the ever growing number of varied computing devices. Apple’s Siri, Google Now and Alexa have been listening to us, and the conversation is continuously evolving, blurring the perception of the experience with our devices. These devices can sense our environments, feel our emotions and personalize our experiences. Gauging and notifying about road rage, analysing health from facial recognition, and notifying about binge shopping are becoming a reality, taking our interactions with machines to the next level. Personal assistants are learning our preferences and behaviours, reminding us to take our pills, monitoring our sleep, reminding us to shop, or to brush our teeth. Washing machines to thermostats to dog collars, everything is being increasingly connected to the Internet, and taking advantage of this connectivity. Recognition and gesture computing is helping our smart devices to understand the voices, movements and photos, enabling them to have perception of the world around them, learn from this perception and increasingly become more intelligent. These devices are becoming an integral part of our families and offices, guiding us in our personal and professional lives by sensing our emotions and take actions accordingly. The huge volume of generated data is processed to define human intelligence. Computing everywhere is crumbling the barrier between man and machine as there are efforts to replicate intelligence.

Gartner coined the term ‘Computing Everywhere’ for this change where the computing devices have penetrated every aspect of our lives. We start our day with swiping the mobile screen for mails, continuing work on the laptop in the office, and work on the tablet at home in the night: this is computing everywhere, and is considered one of the most strategic technology trends for 2015-16. As compared to 14 million internet users in 1993, there are over 3.5 billion users today, and the trend continues to grow. The number of connected devices is expected to be 50 billion by 2020. It is estimated that the employee-owned tablets and smart phones as a BYOD (Bring Your Own Device) policy will be more than one billion devices globally by 2018.

This is the result of gradual increase in the mobile adoption, and the fact that mobile devices are helping employees maintain a good work-life balance. However, there are several challenges involved in this.

For IT departments, there are huge implications from security, as well as productivity point of view. Employees demand access to the core business data and applications using any device they own. Each employee needs to have access to the information, however, it is essential that the critical and sensitive information reaches only the right people, while complying with the relevant regulations. There is no more perimeter over which a security blanket can be easily thrown. The big challenge for the companies is that either the business applications are not available for mobile device, or they do not have a device-optimized UX due to a wide array of disparate applications on different hardware and platform.

To maintain competitiveness and profitability in this ever-evolving dynamically computing everywhere world, companies need an in-depth understanding of the processes, making up this information flow, and then automating the ones that can be automated. The processes that cannot be automated need to be streamlined, else information sharing can become insecure, inefficient and chaotic. This requires a whole new thinking paradigm on how the businesses operate, and how information is flowing within and across these business units, without compromising on the data security.

Information computing is all around us, we can compute everywhere: on our smartphones, desktops, tablets, laptop- as long as there is internet connectivity. With computing everywhere, we need to get ready for the future where the interaction boundary between computing devices and humans is gradually blurring out. Success of computing anywhere depends on the solid integration strategy for the core enterprise data and applications, keeping in mind the emerging endpoint devices such as Microsoft HoloLens and Apple Watch.

Startup Sutra: To Scale Quick, Ride A Cloud

Small is Big makes a catchy label for a startup to stick at the office water cooler. But Small is Big with cloud computing makes for business gyan. To put it in another way, Startup + Cloud = Another Facebook kind of valuation in the works (read on to know how). So think big. Work smart. Keep it lean and mean. Deliver stuff that works straight off the shelf. That’s what the cloud is all about, particularly for a startup. Enabling anyone to do any work or any play anywhere, anyplace, anytime. Is that not why when people say they are on cloud, they mean they are on cloud nine, eight times out of nine?

Reverse the equation for a moment. What if you are a startup actually offering cloud services? Impossible is nothing! You can potentially set the investors’ pulse racing and have over-eager venture capitalists knocking on your doors! Workday, a young Californian firm selling cloud-based software hit pay dirt managing the back-offices of large companies and ended up with a valuation of nearly $4 billion at the New York bourses. Another company, Yammer that offers social networking software, was snapped up by Microsoft for $1.2 billion.

Let’s rewind to Ground Zero when you have just buckled your straps and are starting from scratch. As a startup, you cannot afford to be straight-jacketed. You need to keep your options open. Like, one door should open when another closes.

Suppose you start with investing big on creating an all-purpose fully loaded virtual architecture, and this model ends up as a white elephant? All the more sensible therefore that you keep your investment on virtual architecture lean and mean and to the minimum, and fully leverage Cloud Service to the maximum by using it for accessing application infrastructure, processing, storage, etc.

Unless you are starting your enterprise with a billion dollars (!) your number one concern will be about how to thread your costs thin. Remember Google’s pay-per-click (PPC) concept? It’s the same with startups using cloud service. You only pay per spend, or pay per user or per quantity of processing/storage.
With cloud services, your resources are “elastic”, and you enjoy out of the box mobility by way of easy and instant access to IT facilities from any suitably configured device, including faster access to latest software and hardware upgrades on the cutting edge. For instance, days after your new state-of-art server farm arrives on its pallets, the market is abuzz about the launch of a new server that has double the processing power and is available at half the cost of your server! But if you have adopted the cloud model, you are able to access up-to-date hardware resources and software functionality, and its newly added features, at little or no extra cost.

However, many startups would like to cross the bridge to the cloud only when it becomes par for the course and not when it is still a fashion statement.

For instance, in situations where data requirements are huge, working on a smart phone view is like watching the spectacular Avatar on a 9’ inch screen and writing a review of it!

When a startup relies on a network provider for most, if not all, its IT needs, how will it cope in the event of a network disruption? How will you ensure uptime in case you lose connectivity to your data? How will you manage your Windows Active Directory servers?

Cloud for startups has its advocates and critics and it would be fair to say that it is an idea whose time will not go for some time to come. Wish we had Steve Jobs to ask the right questions and provide better answers. Or is it that he is on cloud ??

If you want to bootstrap your way to scale, your ticket is a cloud away.

Cloud based QA Infrastructure

A silver bullet to ward off traditional challenges

If you have some spare time at the office, spare a thought to the CIO in the IT industry. A blitzkrieg of challenges invite the CIO every day as he settles down on his desk after greeting his colleagues, rather ironically for him, a “good morning”. Here’s how the dice rolls for him every day at work:

Existing Scenario:

a)    Shrinking budget

b)    Increasing cost pressures

Expectations:

a)    Cut IT spend

b)    Deliver value and technology edge

Preferred Solution:

a)    Enhance ROI generated from IT components

b)    Increase focus on QA infrastructure and maintenance costs

c)    Lean on test managers to reduce QA infra costs as they form a major chunk of IT infrastructure budgeting.

Cutting costs, a Catch-22 situation

On the other side, test managers face a catch-22 situation as cut in QA infrastructure spend could potentially impact the quality of software deliverables. Here are a few examples of the challenges that drive cost of IT upwards while creating and managing QA infrastructure:

  • Testing operations are recurring but non-continuous. This means test infrastructure is sub-optimally utilized and therefore has a significant impact on ROI.
  • Testing work areas span a wide spectrum such as On-time QA environment provisioning for multiple projects, decommissioning of QA environment to other projects, QA environment support, managing incidents, and managing configurations for multiple projects. All these necessitate an organization to allocate and maintain proportionate skilled resources at all times which in turn drives costs upwards.
  • CIOs and Test Managers are expected to ensure testing is commissioned on recommended hardware, because most of the issues linked to later stages of the quality gate are attributed to testing on inadequate hardware. This again accounts for a significant chunk of the total IT budget
  • Creating appropriately defined QA infrastructure up and running in time (including procurement and leasing of these elements) to meet the set timelines demands more IT staffing resources
  • Many Test Managers give the goby to staging environment and directly deploy to production because of budget constraints, however creating a staging environment that mimics production is more critical to quality of software in production. Creating such environment also necessitates huge chunk of total IT budget.
  • Today’s complex application architecture involves multiple hardware and software tools which require a lot of investment in terms of time, money, resources on coordination, managing SLAs, procurement;  with multiple vendors. All these taken together add up more allocations in the budget.
  • For conducting performance testing, test managers need to set up a huge number of machines in the lab to generate desired number of virtual users demanding more budget from CIOs

The Case for QA infrastructure as a Service in Cloud

All the above challenges force CIOs and Test Managers to move away from on-premises QA infrastructure and scout for alternatives such as cloud computing for creating and managing QA environments. Organizations are leveraging cloud computing to significantly lower IT infra spend towards QA environments while at the same time deliver value, quality and efficient QA lifecycle. Already, many players, big and small, such as Amazon, IBM, Skytap, CMT, Joyent, Rackspace;  offer QA infrastructure as a service in cloud. Using this service, organizations can set up QA infrastructure in cloud, shifting focus from CAPEX to OPEX.  CIOs too are able to significantly squeeze both CAPEX and OPEX elements thereby meeting the budget cap without compromising on the quality of the solution.

How does it work?

Assume that a QA team needs a highly complex test environment configuration in order to conduct testing on a new application. Instead of setting up on-premises QA environment (which requires hardware procurement, set up, maintenance), a QA team member logs in to the QA infrastructure service provider’s self-service portal and:

* Creates an environment template with each tier of the application and network elements like web server, application servers, load balancer, database and storage.  For example a QA team member can fill the web server template like “web server with large instance and windows server 2008”.

* Submits the request through the IaaS service provider’s portal

* The service provider provisions this configuration and hardware in minutes and sends a mail to the QA team.

* The QA team uses this testing environment for required time and completes the testing.

* the QA team releases the test environment at the end of the testing cycle.

* For subsequent releases, the environment can simply be set up from the same template and the QA team can deploy the new code and start testing.

* The service provider bills for only the actual usage of the QA environment.

How does it help?

Elastic and scalable data center with no CAPEX investment: CIOs/Test Managers don’t have to worry about budgeting, procurement, setting up and maintenance of QA environment. Organizations simply need to develop applications and create a template of the required environment and request the service provider who enables the test environment. The QA team then deploys the application on a production like environment, thus saving time and expenses over traditional on-premises deployment. This shifts the focus from CAPEX to OPEX for IT infrastructure spending.

QA teams can provision their own environment: With this facility, QA teams can provision their own environment on-demand, rather than going though long IT procurement process, to set up an on-premises test environment.

Multiple parallel environments: QA teams can create different environments with different platforms and application stacks, with no investment in capex and multiple hardware, reducing the Go to Market time.

Minimize resource hoarding: Instead of setting up on-premises test environments and investing capital on hardware, QA teams can deploy the environments on cloud on a need-basis and release the resources after completion of testing. Some service providers provide ‘suspend and resume’ facility, in which case QA teams can suspend an environment saving the entire state including memory and resume at a later stage when required.

The bottom line: QA environments in cloud are lifesavers for companies. CIOs are slowly adapting cloud based QA infrastructure and moving away from on-premises QA infrastructures which demands huge CAPEX and OPEX and yields less ROI. Cloud-based QA infrastructure, if managed smartly, is a silver bullet that can neutralize most of the challenges faced by CIOs/Test Managers in traditional QA infrastructure.

In the Cloud, Don’t KISS.

Remember the Y2K dotcom era when every Tom, Dick and Harry rushed to ride the Internet bubble? It looks like many of us have forgotten our lesson, the instant Internet 2.0 (or is it 3.0?) made a comeback on a cloud, viz. Signing up for Cloud Services like you are applying for a credit card. Follow the herd mentality, you know.

To get smarter, faster, and better, go easy. And then act with speed. That’s how you win the race. Just because your competitor, your associate, or your vendor is moving to the cloud, doesn’t mean you mimic them without giving it any more thought. Think before you ink a SLA. Is your CSP (Cloud Service Provider) capable of delivering standards-based cloud solutions that are designed from the ground up to meet your specific enterprise requirements? Does your Service Level Agreement with your CSP also cover your requirements for monitoring, logging, encryption and security? Do you have the domain specific IT knowledge and expertise and the corresponding environment in place before signing up for a cloud solution? And are your security protocols in optimum functional mode?

Security protocols: Keep a hawk’s eye on them. In CIO circles, they warn you not to KISS (Keep It Stupid & Silly) when you sign for the cloud. KISS refers to common mistakes in an enterprise such as for instance, failing to to register your passwords and individual IDs with the enterprise; turning a deaf ear to demands for secure Application Programming Interfaces (API); and wrongly assuming that you are outsourcing risk, accountability and compliance obligations as well to the cloud.

The ironic party of this business of securing the cloud is the challenge of arriving at an ideal tradeoff between the need of the enterprise for security and the need of the consumer for privacy. The Economist in “Keys to the Cloud Castle” succinctly sums up this dilemma faced by cloud-based internet storage and synchronization providers like say Dropbox, using a house metaphor. Which do you prefer: An access through a master key which is in the hands of an authorized internal security or an access whereby you choose your own security key. The problem with the former is in the key falling into wrong hands, while in the latter case, the danger is in losing all access if you lose the key due to negligence. Cloud security scientists so constantly look to find a middle path that combines privacy with security.

Does this mean that a perfectly secure cloud computing is still a chimera? Happily for us, recent research in cryptography shows homographic encryption – a new algorithm which would enable a Web user to send encrypted data to a server in the cloud which it turn would process it without decrypting it and send back a still-encrypted result – is well on the way to become a pursuit of wow, among CIOs.

A clearly demarcated delegation of tasks between cloud providers and security providers could serve as a rule of thumb for ensuring both security and privacy. Cloud providers should focus on providing access, anywhere, anytime, while security providers should focus on core encryption. An integration of both these services can lead to a seamless and secure user experience. For example, you as an user encrypt your files directly on your laptop/desktop/phones, and then upload the encrypted documents to the cloud.

Bottom line: Don’t sign up for the cloud like you are applying for a credit card. Outsourcing your ideas doesn’t mean you also outsource your thinking..

For A Better Cloud Security – Wheel it Different, instead of Reinventing the Wheel !

Saas served as sauce? Wow. But only as long as it’s secure. And that’s where the penny drops. No matter. Big money now is way too big on cloud services. We can’t roll back the Age of Participation. The jury may be pondering on how secure is the cloud, but the verdict is only going to tweak “how secure is the cloud” to “how to secure the cloud”.

Yes, there is a cloud over the cloud. Less than a year ago, hackers stole 6 million passwords from dating site eHarmony and LinkedIn fueling the debate over cloud security. DropBox, a free online service provider that lets you share documents freely online, became “a problem child for cloud security” in the words of a cloud services expert.

The “Notorious Nine” threats to cloud computing security according to the Cloud Security Alliance (CSA), a not-for-profit body: Data breaches, data loss, account or service traffic hijacking, insecure interfaces and APIs, Denial of service, malicious insiders, cloud abuse, insufficient due diligence, and shared technology vulnerabilities.

However, a problem is an opportunity in disguise, and so the algorithm waiting to be discovered is to how to outsmart the hackers and overcome the threats to cloud security. More so, since the advantages that accrue from cloud services viz. flexibility, scalability, economies of scale, for instance, far outweigh the risks associated with the cloud.

One way for better cloud security is to use a tried, tested and trusted Cloud Service Provider (CSP) rather than to self-design a high availability data center. Also, a CSP yields more economies of scale.
Virtualized servers, though less secure than the physical servers they replace, are getting more and more secure than before. According to research by Gartner, virtual servers were less secure than the physical servers they replaced by 60% in 2012. In 2015, they will be only 30% less secure.

To do the new in cloud security, we could begin by reinventing the old. The traditional methods of data security, viz. Logical security, Physical security and Premises security, also apply to securing the cloud. Logical security protects data using software safeguards such as password access, authentication, and authorization, and ensuring proper allocation of privileges.

The risk in Cloud Service Offerings arises because a single host with multiple virtual machines may be attacked by one of the guest operating systems. Or a guest operating system may be used to attack another guest operating system. Cloud services are accessed from the Internet and so are vulnerable to attacks arising from Denial of Service or widespread infrastructure failure.

Traditional security protocols can also be successfully mapped to work in a cloud environment. For example Traditional physical controls such as firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Network Access Control (NAC) products that ensure access control can continue to be critical components of the security architecture. However, these appliances no longer need to be a physical piece of hardware. A virtual firewall, like for example Cisco’s security gateway, performs the same functions of a physical firewall but has been virtualized to work with the hypervisor. This is catching on fast. Gartner researchers predict that by 2015, 40% of security controls in the data centers will be virtualized.

Moral of the cloud: You don’t have to reinvent the wheel to secure the cloud. But we need to keep talking – to wheel it differently.