May 22, 2012, 8:11 PM — Why do so many IT departments skip out on the need to to secure their own data and applications after they're moved to the cloud? I don't know?
Security is a big deal under any circumstances; in the cloud it should be a higher priority for IT, not lower.
For all its advantages, all the new hardware and special skills of the cloud providers, cloud is risky in ways an internal data center could never be.
for example the first thing you have to do to make the cloud work for you is the one thing you would never do under normal circumstances: Take the company's precious data and applications out of your nice, safe data center and ship them off to a giant colo warehouse run by strangers you might have been able to trust, if they hadn't seemed so smug about being better at your job than you.
They wouldn't even let you past enough locked doors to touch the boxes where your data would live, a long way from the nice, safe data center where you know which server runs that creaky legacy app, which SAN segment records its transactions and why the really critical customer data lives on JBOD instead.
Under those circumstances, the first thing you'd do is roll up your sleeves and bolt down a few things so at least you'd know your data was safe, even when it was lonely and far from home.
You'd be the odd one out, then. Of companies in the U.S. that use external cloud providers, 72 percent cannot or do not manage their own security in it.
That tidbit is from a survey published in February by CloudPassage, a firewall- and intrusion-detection vendor that takes the odd approach of making cloud systems secure by adding more cloud to them, by selling its multilayer security software as a subscription service (SaaS) rather than as traditional software.
Oddly, it's not a survey showing how unconscious about security all the business-unit managers and end users are who hire SaaS and cloud providers to get the IT services tehir own IT departments told them they couldn't have.
The survey was of IT people who, despite knowing better, didn't bother to dot any i's or cross any t's in the management of cloud providers. It's not clear if the IT people surveyed fell down on the job because they didn't like that end users were buying IT from someone else and then asking IT to manage it for them, whether they assumed the cloud providers would handle all the security themselves or if they just didn't want to deal with yet another security challenge.