It's not about the money

Andrew McLean explains why security is the new differentiator for the cloud.

It's not about the money
It's not about the money

Cloud computing is being commoditised.  Cloud brokerage is now a commonplace term and price comparison websites are not far off.  Yet fears about security continue to pervade the industry, particularly for business applications, and it is only the companies which understand and respond to this that will thrive in the next few years.

The first step is likely to be an increase in the tiered model of selling cloud solutions, whereby prices vary according to levels of security. Already we are seeing a distinction between business and consumer cloud sales on this basis.  Businesses are increasingly moving away from Dropbox-style consumer cloud set-ups to develop their own private clouds in order to minimise security risks.  Consumers continue to be guided more in their choices by price.

This difference in the attitude of consumers and businesses to security is at the heart of one of the biggest headaches for cloud providers; the aspect of human error. It is a factor that the most complex technology and stringent of processes can never eliminate, and one which is likely to change the way in which businesses manage their cloud solutions.

Mobile phones, tablets and home broadband routers, all under the day-to-day control of individuals, are the biggest risks to cloud security.  Most people regard passwords as a necessary evil, manageable by using only a small handful of different ones and changing them as infrequently as possible.  With home routers, 99 percent of people will buy one, set it up and never update it.  These routers are easily hacked, leaving people vulnerable to data theft. Hackers can also use these broadband connections to spread viruses or break into more secure systems without detection.  If any of these home devices provides a link into business systems - which the current trend of home and remote working makes a commonplace occurrence - the entire organisation is at risk.

As a result, a more centralised security model for many business cloud solutions will be inevitable. This is likely to take the form of hosted desktops, where all files and programmes are stored in the cloud and are accessible from mobile devices only through a secure login. All data is held in secure data centres, so even if a router is compromised, hackers can't access any files or data, as it is not physically there.

Security technology is also developing fast.  We will see greater levels of encryption away from just data in transit to data at rest, and the ability to embed security into the data itself.  This will allow organisations as well as individuals to track documents, spreadsheets and other files that are sent or published, to see where they go and who they go to.  If the file falls into the wrong hands, it can be deleted at the click of a button. Software designed to protect data in use with full memory encryption is currently in beta testing and we'll also see multi-factor authentication and proactive intrusion detection technologies playing an important role in differentiating cloud solutions.

Ultimately, the future of the cloud will depend on the understanding of both businesses and consumers of the value of data and the security risks facing it.  When considering cloud solutions, “cheaper is better” will always be a false economy, but there is still a great deal of education that needs to take place.  No technological security measures will ever fully remove the dangers posed by fallible humans, but cloud providers and users that demand the most up-to-date security will be the ones to ensure the technology thrives. 

Contributed by Andrew McLean, CEO of AppLayer