Ease of use the key to securing cloud resources – a Q&A with Chad Moore of Xonicwave
Aside from embracing a myriad of SaaS solutions and other basic cloud services, very few enterprises have taken the leap and fully embraced the cloud for their network infrastructure. Although there are many reasons why, security concerns often top the list when CIOs and CISOs are asked about their reticence to move systems to the cloud.
We recently had the opportunity to sit down with Chad Moore – the CEO of IT managed services provider, Xonicwave – to get more information about current cloud adoption trends, discuss the security challenges that the cloud creates and talk about what cloud providers and users should be looking for in security and authentication solutions to help protect their clouds.
Here is what Chad had to say:
TAG: How far along is cloud adoption across enterprises? If you had to put a number on it, what percentage of enterprises – both large and small – would you say have made the jump to the cloud for more than just cloud-hosted SaaS applications and development environments?
Chad Moore: As far as enterprises that are currently using the cloud – whether they realize it or not – it’s 100 percent.
There is no business out there that is not using the cloud in some form or fashion; whether it’s for their data back-up, or their CRM application or accounting system – such as Salesforce or QuickBooks – that’s hosted in the cloud. Every single instance and every single company is using the cloud in some way, form or fashion.
Of those companies, I would say about 20 percent of businesses out there are utilizing the cloud outside of just software as a service (SaaS) – whether that be datacenter, public cloud, private cloud, hybrid. But that is changing rapidly. A lot of companies are getting to the point where they’re utilizing virtual servers within the cloud just because of the financial aspect.
Also, companies are getting more global – not just in their reach to their customers but also with their employees. We’ve become a remote environment in today’s society, and we’re using technology – whether it’s video teleconferencing, email, VoIP – to enable a deeper reach. And companies are increasingly allowing their IT staff and IT department to put things in the cloud for ease of access and improve productivity and efficiency in this distributed environment.
TAG: What factors do you feel are standing in the way of more rapid cloud adoption?
Chad Moore: I think there are multiple different factors. Each business has its own struggles or hurdles that it has to deal with.
So, when these companies have invested in networks and infrastructure that hasn’t gone end-of-life yet, or end-of-service yet, they haven’t gotten a full return on their investment. So, it doesn’t make much sense for them to – say – purchase a server two years ago and then suddenly jump to the cloud because then the money they spent on the server is all for naught. So, a lot of companies are waiting until their current infrastructure get to its end of life.
Some companies – especially bigger ones – may not see the financial benefit of moving some workloads to the cloud. Let’s use email as an example. If you have 500 users, the cost per server, software and maintenance may be cheaper across that many users than if you were to move it to the cloud on a per user basis. In some instances, the costs per user have nearly doubled.
Finally, there’s a perception that moving to the cloud may not give business owners the same level of security, because they’re out there with everybody else.
TAG: Why is security such a concern for enterprises looking to move applications, services and infrastructure to the cloud, especially public clouds?
Chad Moore: The analogy I always give is that it’s the difference between living in a single home or an apartment complex.
In the single family home, you’re in control of your alarm system, doors and windows. And when you walk out, you know that you were responsible for taking care of all of those things to reduce the potential for security breaches.
When you live in an apartment complex, you can lock the door to your apartment, but you have no control over the building’s alarm system, smoke detectors and the front door to the complex. That scares some people because they feel they’re relying on others as a part of their security measures.
It comes down to the fact that the business owner doesn’t have control of the personnel. They have to take the word of an unknown entity – whether that’s Microsoft’s Azure, IBM’s Softlayer or Amazon Web Services. They don’t have direct control or insight into how the individuals there are protecting their data.
TAG: Why is traditional single and multi-factor authentication not adequate for protecting cloud resources?
Chad Moore: Technology is easy to implement. It’s the changing culture – policies, processes, procedures – that’s the most difficult aspect. You need to get people buying into the process.
If someone feels security hinders their efficiency or productivity, or creates a need to remember something they didn’t beforehand, you’re going to hear about it. People are creatures of habit, and when you change procedures, you’re going to rock the boat and cause people to complain. And that extends beyond security to anything in the workplace that forces people to change. It creates a negative environment.
Existing single-factor authentication simply isn’t strong enough to protect the kind of sensitive data moving into the cloud. And many of the multifactor authentication solutions on the market don’t have the ease-of-use necessary to keep the workplace environment positive.
Practice becomes habit and habit becomes lifestyle. People have done the same thing for so long that any change to that process can cause an uproar – even if it’s not more difficult.
TAG: What should enterprises be considering when looking at authentication and security solutions for their cloud resources? What capabilities and features should they be looking for?
Chad Moore: Whether it is security solutions or any other type of solution, the first consideration should be the financial burden. Total cost to the enterprise should always be the first indicator.
Then, the second most important thing to me is ease-of-use – not only in implementation, but also incorporating the new processes into the corporate culture. That’s a huge thing because people don’t want the organization to implement something that may be great over time, but is difficult to implement across the company.
This is why a lot of software becomes shelf-ware, because it’s a great idea but can never get implemented across the user base and eventually gets shelved. That scares a lot of businesses since it’s a waste of time and money.
Then there’s the impact on the business itself. Many times, enterprises implement a security solutions across the organization because it was recommended or because they read about it, but they haven’t take the time to do a risk assessment. They need to analyze their data to determine its value and who needs access to it to plan effectively.
Finally, there’s the ability to get quick and easy access to support. Enterprises need to feel comfortable that if there’s a problem or issue, they can pick up the phone and get a fast response to that situation.
To learn more about the importance of ease of use in security solutions, click HERE. To learn more about the increasing role of authentication in protecting enterprises against credential theft and breaches, click HERE to watch the Webinar, “Anatomy of a Breach.”