The Importance of a Secure Cloud
13 May 2010
This is the next in a series of guest blog posts by Intralinks’ collaborators, partners, and vendors. Jim Reavis is co-founder and executive director of the Cloud Security Alliance. The CSA is dedicated to developing and promoting best practices to secure cloud computing, and counts among its constituency a broad group of stakeholders which include both providers and consumers of cloud computing. Intralinks is one of the newest corporate members of the CSA.
In many respects cloud computing is not new as veteran companies such as SalesForce.com and Intralinks have been delivering business applications as a hosted service for over a decade.
However, the scope and scale of the cloud-delivered solutions we use is about to explode, and it is incumbent upon all of us that we take judicious steps to secure this pervasive use of computing as a utility.
Much is made of the cost savings that cloud computing provides, and the many examples I have witnessed are undeniable. However, the true long term benefit of cloud is the ability for businesses to execute their strategies immediately, without the “friction” of traditional IT procurement, implementation and provisioning. While not necessarily grasping all of the details of the cloud, I find that CEOs are absolutely in sync with its “on demand” nature, as they are essentially migrating towards running their entire businesses this way.
So, what are the challenges the CSA sees ahead and what are we doing about them? There are no systemic issues preventing cloud computing from meeting and even exceeding the security baselines of traditional IT. Cloud providers that have made the proper investments in security programs are doing it today. However, this is not necessarily true across the board, and CSA sees as one of its fundamental tasks the enablement of an ecosystem to provide assurance of the security of any given cloud provider in a transparent manner. We have a number of initiatives to help in this regard: we released version two of the CSA guidance of best practices in December 2009. In April 2010, we released the CSA Cloud Controls Matrix, a framework of security controls for cloud environments which maps to a variety of existing security standards and regulations, to help a variety of practitioners understand how to translate existing security practices to cloud environments. These tools are part of a broader goal to help accelerate compliance in the cloud, which is a top priority across the board. You can find out more about our initiatives at www.cloudsecurityalliance.org, and perhaps I can share more on a future blog post.
An important lens with which to view the issue of cloud security is that of data protection. Cloud services in large part exist to manage our data, and the ability to protect sensitive information, such as regulated customer data, employee records or proprietary intellectual property is paramount to the growth of the cloud. We value Intralinks' participation in the CSA, and look forward to our collaboration, and hearing from you as well!