The current state of cloud security and what the future may bring with Mimecast

Neil Murray, Chief Technology Officer and Founder of Mimecast shares his views on the barriers facing businesses considering a move to cloud storage. He offers an insight into what IT managers should consider when looking at the various cloud options on the market. Neil Murray also explains the concept around the new Mimecast single platform cloud security solution unveiled at Infosecurity 2013.

Is security still a major barrier to companies migrating their services to cloud?

I think it is less of a barrier than it was. When we started out the questions were immature I think we did a lot of education but as time has gone on we are getting much more sophisticated questionnaires from our prospects. Those guys are very well informed. The barrier is lower in my perception. They understand that probably the data is safer with someone else these days and that is quite a revelation.

Have you seen in the last couple of years a big leap in the understanding managers have now around cloud and are you finding that they are coming better armed with information?

Yes absolutely. After you have had 50 questionnaires sent to you with much the same questions on them you get to the point where you need to certify yourself essentially. We pursued our 27001 plan just so that we could do that essentially they want the trust and they want the certification so that when you get those questionnaires there is an already made answers for them.

Neil, you have been associated with the statement "all clouds are not equal", explain what you meant by that?

I think a lot of companies have started up with the idea that they can store information in the cloud but over 10 years we have learn t a lot more about it. Certainly we understand that you need those certifications but you also need technology that secures those things not only from outside trades but from your own people. It is a strange thing to not trust your own people with your own data or the data that you are looking after for custodians.

It seems many organisations have invested in securing various parts of the business and now the weak point is user endpoint. Is that what you see as well?

Absolutely, we want to make the data more useful but the trouble is that if you do that and you're in a B, Y or a D environment what applications do you give to an end user such that they can use out of it and still have those things like pin locks, remote wipes the integrity of the data the daily prevention stuff it all has to work together and if you don't have a platform that supports that you can't answer those questions correctly.

Is the balance between employee freedom and necessary restrictions part of the craft of good security solutions?

Absolutely. You want to let them do things with their data to make them more productive and you want to do it within that safety zone but there is a balance, there is a balance in that they can't just give that information out whenever they want to it has to form part of the policies that are part of the organisation and therefore all those endpoints applications need to be secured in a unified way.

If you were to give some advice to any IT managers watching this who are still considering their move to cloud how would you advise them to ensure it is fully integrated and that it is as gentle on resources as it can be?

I guess you have to examine the technology we have spent a lot of time putting together things that go into the land and things that go into the land with the cloud. We are one of the only companies that has really invested in there and that is things like single sign on and everybody just gets access to the data but it still secured in a way that you would expect. Although some companies expect to have some other log on in some other place so that seamless integration comes from the technology but it also comes from the mindset of the organisation. As we see ourselves that mindset is that you shouldn't really feel the move.

You personally oversaw the creation of the services you are providing was it particularly important to offer a single solution and not a group of various modules?

For me it is pretty cool I see the problem as companies requiring certain solutions along the road and I kind of jammed them together in a sort of plasticine model all jumbled together and when you do that you have seams that form whether it is the security does not quite work that way for that solution or the storage does not quite work that way for the solution. So we played up front to form all those pieces having done that has enabled us to now accelerate in the cloud application in space but with a secure platform as the underpinning.

Has global recession created more opportunities for the development of cloud or has it hampered it in any way?

I can't speak for other companies but our growth rate speaks for itself it is so remarkable and I guess that it is not just that you're in the cloud I think that is not enough, I think you have to remove complexity. I think you have to drop their cost base and I think you have to offer an ongoing road map of things that make that data more useful and so extend the security arms around more and more parts of the organisation. So my suspicion is that any company that isn't investing in a long term road map with the cloud with an application or a platform will probably be struggling in this environment but we are not feeling that.

Data storage historically has been expensive and if you are still storing it using traditional solutions it's only going to get more expensive isn't it?

Absolutely. It is not just about virtualisation that is just moving the problem. We see the storage of data as a whole new science. Not something that keeps the stuff safe and secure and useful but allows different applications to use it in different ways to empower end users and business with that as we would think of it as gold in that data. If it is exposed and exploited in the right way and given back to customers it is a valuable resource.

In terms of security and in terms of the development of the technology itself, where do you see the cloud going in the next 2 or 3 years and what will we be stood here talking about n 2015?

My suspicion is that we will be talking about standards. If you were to use the analogy of banking a very old concept with a lot of regulation and control when you move from one to another your cash moves with you but in data terms there is very little of that and we see ourselves as pioneers somewhat in moving data and certainly offering options. Also the coverage of what one expects to have to conform to as a data bank in the sky. You would have to fit into certain regulations. They don't exist so I think in 3 years time we will be talking about the ones who have just been legislated.