CIO.com recently ran an interesting story on public vs. private clouds and the importance of cloud security. The article quotes Chris Swan, UBS’ security CTO, on the limitations of the public cloud in the enterprise. Swan predicts the emergence of private clouds, tailored to particular industries, which will compete with the public cloud for the enterprise’s money and attention.
His main criticism with the public cloud comes down to security. Data, likely a business’ most valuable asset, needs to be protected at all costs. Data that’s already public is no problem — it’s already out there, and companies shouldn’t have a problem migrating it to the public cloud.
However, all of this obscures the real problem, though, which as Swan notes — and we agree — is application security. The enterprise spends more time and energy focusing on the wrong problem; it’s the classic 80/20 scenario applied to cloud security.
As we’ve seen, security fiascos happen. They also make headlines – just take Dropbox or EA’s recent breaches, both stemming from loopholes in application security. As more and more businesses migrate to the cloud — any cloud, whether public or private — enterprise IT needs to focus on securing their cloud-based applications. Look no further than EA’s password breach to understand the importance of security safeguards across the enterprise.
Enterprise IT needs an intuitive way to manage the complex world of competing clouds and a hybrid cloud/on-premise environment. Above all, before making the switch to the cloud, application security must be at the front of the queue.
Secure your applications first and everything else will fall into place.