Security trends emerging to guide the cloud industry

Security has been an issue in the cloud since its inception as an important enterprise technology. However, the cloud has matured to a point that many basic security concerns have been taken care of, and a clear image of the advanced security issues to be addressed has become apparent.

According to Nir Ksherti, an associate professor of business administration for the University of North Carolina at Greensboro’s Bryan School of Business and Economics, a few key areas have emerged as targets for improvements in the cloud security industry.

At first glance, it may appear that having clear security threats is a problem, but it is important to remember that every technology comes with risks. Therefore, the recognition of the cloud's distinct security problems is a critical step in the technology's maturation and the industry's capability to fight cybercrime.

Ksherti explains that cloud computing is an incredibly young technology considering its role in enterprise settings. It uses advanced technology that is so far beyond systems already in place, that new security platforms need to emerge to support the technology. When those new security programs become prevalent, they will likely address a few key issues that Ksherti acknowledges as critical cloud security issues.

"Cloud providers have very, very sophisticated technology, but it is nascent, or emerging, technology. As a very new area, whatever security mechanisms have been used in the past, they might not be applicable to the cloud, so they have to develop new types of security," said Ksherti.

One key area for cloud security programs will be addressing the legal ramifications of where data is stored. Ksherti said that clear guidelines have yet to emerge to govern who is officially and legally responsible for data loss, security breaches and other similar incidents in cloud environments. Therefore, these guidelines are established with the service-level agreement that establishes the relationship between a cloud provider and organization. In many cases, cloud providers will use the SLA to give organizations responsibility for securing their own data, even though that information is not stored on their own hardware. This can create a major risk that businesses should consider carefully when negotiating SLAs, Ksherti said.

Cloud providers are also working to deal with issues surrounding the technological infrastructure of cloud computing. Because the cloud is built on relatively new and innovative technologies, such as virtualization, it is important that businesses recognize the importance of considering security. In light of these new technologies companies cannot simply deploy traditional security protocols and risk management procedures to protect the cloud.

While these security issues are relevant to the cloud, it is important not to let them get in the way of cloud deployment. Ksherti explains that every technology comes with some risk, and every security-related technology has flaws that users need to overcome. Therefore, users need to approach the cloud with an attitude focused on ensuring security and make sure service-level agreements will help control any legal and regulatory issues that could arise while computing in the cloud, he said.

Being able to acknowledge security and legal issues associated with a technology is critical to its long-term success. Because no technology is infallible, it is important that organizations recognize the security issues they will have to fight against. Recently, the University of Illinois received a $6 million grant from the U.S. Air Force to create a research center devoted to developing solutions that will support the maturation of cloud computing technology, the East Central Illinois News-Gazette reports. The new research center will be housed in facilities already present at the university, and the funding will be devoted entirely to research initiatives.