February 26, 2010, 9:38 PM — As cloud computing adoption climbs, hosting providers are inking deals with security vendors to provide security-as-a-service options to customers. But will enterprise IT managers buy into these often novel forms of security woven into a cloud computing environment?
There's definitely some resistance as IT and security managers struggle to sort out risk factors and compliance issues.
"A good number of organizations are now using what they consider to be cloud services," says Bill Trussell, managing director of security research at TheInfoPro, which just published its semi-annual http://www.networkworld.com/news/2010/022310-cisco-security-clout.html ">survey of information security professionals at large and midsize firms in North America. But when TheInfoPro asked respondents about whether they'd use cloud-based security services in cloud computing environments, less than 15% cited that as being very likely.
"When asked whether organizations would extend functions such as user access and provisioning, or two-factor authentication, to cloud providers, it wasn't too popular," Trussell says. Enterprise security professionals are still nervous about something largely unfamiliar that doesn't sit on their premises and isn't under their direct control — or even under the direct control of the cloud-computing provider they use, since the security service is controlled by a third-party vendor with security expertise.
Still, these new security-as-a-service arrangements are coming to cloud computing, and fast.
PivotLink, for instance, which offers cloud-based pay-as-you-go business-intelligence services, including an analysis service for data related to Salesforce.com, is in partnership with Novell to beta-test Novell's cloud security service, which includes various identity-management capabilities based on software hosted at GoGrid.
"We get our authentication from the Novell service, which plugs into the customer's service," says Bob Kemper, senior vice president of development at PivotLink. "Today we use the identity management and their authorization to manage the security level. Novell integrates with the required enterprise systems for access to information."
PivotLink's customers, many of whom are retail sales managers at companies that include REI, don't have to be using Novell software on their premises to make use of the Novell cloud security service.