Following on from my last post on the top 10 technologies and trends for 2010, I had a couple of thoughts on 3 of the items in the list, namely:

Point 1 “Cloud Computing”
Point 10 “Mobile Applications”
Point 7 “Security – Activity Monitoring”

My thoughts, or more precisely my questions, are: how are IT security folks going to deal with the changing ecosystem that increased adoption of both cloud computing and mobile applications presents?

Traditionally, corporate IT security relied on building a strong perimeter and only allowing selected traffic in and out via a firewall. Over the years many different threats arose and were dealt with successfully (if not bluntly) by network security managers. For example, when USB thumb drives became popular, USB ports on corporate desktops the world over were simply disabled. Likewise, many organisations simply imposed blanket bans on any web-based mail clients (Hotmail, Yahoo, GMail, etc.) and blocked all social media sites at the firewall.

Many companies also adopted strict policies about what equipment would be allowed and enabled to connect to their networks, but invariably many of these policies were relaxed over time with the increased requirement for inter-organisation collaboration and more mobile workforces.

Mobile workers added a new threat when laptops were either lost or stolen, and we are all aware of many high-profile cases involving data loss through such incidents. Alarmingly, the incidence of lost laptops is far more prevalent than you might think: Dell released a report last year estimating that more than 12,200 laptops per week were lost or stolen in airports in the U.S. alone. The biggest concern with losing a laptop is not the asset loss itself but the question of what sensitive information its hard drive might contain.

Roll forward to the era of cloud computing and consider the complexity of managing IT security in a hybrid environment where many organisations will have a mix of both on-premise and cloud-based solutions. Add the increased requirement for organisations to collaborate with partners, suppliers and customers, and the sudden realisation in boardrooms across the world that social media is not the enemy, and you can see that the traditional secure perimeter is beginning to look very porous indeed.

My own view is that most reputable cloud computing providers run an environment that is as secure as (and probably more secure than) the vast majority of corporate environments; however, in order to utilise and benefit from these cloud services we need to resolve the conflict that exists between the cloud computing model and the traditional rigid iron fist of security managers.

A new IT security model which can enable the adoption of cloud computing services while assuring corporate data protection is urgently required. As always, your thoughts and input on this are welcome.