As the popularity of cloud services has grown, so have concerns over the security of the data that's stored on them. This has led security vendors to adapt and develop solutions for the new environment.
A new report by security company NSS Labs looks at the rise of cloud security solutions and the business demands driving their adoption, as well as the limitations and potential hidden costs in their use, and offers recommendations for enterprises.
Findings include that many cloud security appliances and services are from new vendors rather than established providers, something which significantly complicates integration. Also, a key feature of many data protection services -- manipulating data before it heads to the cloud -- can require organisations to deploy new critical assets, such as databases and servers, and lead to new processes and potential expenses.
Ensuring compliance with organisations' unique regulatory and other requirements is a critical issue too, as is accounting for any gaps that exist between on-premises security and the cloud.
NSS recommends that enterprises deal with these issues by conducting thorough testing of all SaaS tools, either in-house or through a trusted third party, and that they include mobile platforms in their testing.
They also need to perform total cost of ownership (TCO) analysis on any SaaS solution, and take into account the cost required to change vendors, including any updates to security. Legacy applications need to be mapped to existing security functions in order to understand their dependencies. The final recommendation is that businesses don’t outsource security related to mission-critical applications or business functions.
The report’s authors conclude, "The decision to rely on virtual security appliances or SaaS products for the protection of enterprise data presents a dilemma for organisations. While there is interest in leveraging cloud services, if security components cannot be seamlessly integrated to the cloud, organisations will experience gaps in their security architecture that could increase risk and expose sensitive data. Vendors must go beyond merely offering cloud-based services; they must prove that they can extend existing on-premises security controls to the cloud while maintaining regulatory compliance and controls".
The full analyst brief is available to download as a PDF from the NSS Labs website.