ASIS Session Examines Cloud Computing Opportunities, Dangers
- By Brent Dirks
- Oct 21, 2010
With all of the talk surrounding cloud computing during ASIS 2010, Dave Tyson, CISO of utility provider PG&E summed up the new technology simply.
“If physical security and IT could have a child, it would be cloud computing,” Tyson said during the session “Get off My Cloud: Opportunities, Dangers, and Realities of Cloud Computing” last Friday on the closing day of the conference. “Because it takes pieces of both and brings them together.”
Tyson said cloud computing can be looked at as being composed as three parts -- software as a service, infrastructure as a service and application as a service.
“What it means is that all of the physical access -- those servers and things you’ve had before, you no longer need,” he said. “That’s all sitting in the cloud. Instead of buying storage, you just pay for the amount you use. That can easily draw down the costs tenfold.”
Cloud computing has taken off quickly because of an organization's ability to save money and scale as needed very quickly, Tyson said.
“Are today’s CFO’s cost-conscious?” he asked. “Absolutely, and once they realize how much can be saved with cloud computing, the technology has been able to gain a strong foothold.”
Despite all of the advantages of the cloud computing and virtualization brings, there also are a large number of security risks, Jeff Spivey, president of Security Risk Management Inc. in Charlotte, N.C., said during the session.
“The bad guys are better funded, better organized and may be doing a better job of sharing information than we are,” Spivey said. “We have to make sure every possible hole is fixed, while the bad guys just need to find one way in to infiltrate a system.”
Spivey said that some of the advantages that cloud computing provide are being leveraged by hacker elements as well.
“Criminals continue to find new ways to go undetected,” he said. “Cloud providers are being attacked because of anonymity possibility. The Zeus and exploits targeting Microsoft products have been put on the cloud. Cloud computing provides a veil to protect and provide some degree of anonymity to bad guys.”
Tyson said cloud computing also provides challenges of data location and verifying identification credentials -- issues affecting numerous facets of an organization like human resources, IT and physical security.
“With cloud computing, traditional ways of IT are totally changed,” Tyson said. “Data can be moved anywhere seamlessly. Verifying identity can become much harder when the information is in the middle of nowhere.”
But both Spivey and Tyson agreed that despite the risks, the move to cloud computing is coming. Some companies, according to Spivey, have to spend as much as two-thirds of the IT budget to simply maintain the current infrastructure. And a recent Gartner study predicted by 2012, 25 percent of companies will have an outsourced IT department.
“Cloud computing is a great platform, and you can do more with less money,” Tyson said. “You are going to have to go into the cloud at some time. The best way to do that is understand the technology and how it can help you do your job better.”
In the physical security world, cloud computing can be used to immediately save costs. Tyson said an organization can put its entire physical security storage information from sources like video and access control in the cloud for a large savings.
But moving physical security information to the cloud does have challenges.
“In the virtual world, all security tools are not the same and always so straightforward,” Tyson said. “It’s the combining of physical and cloud computing tools that will make things more complex as time goes on.”
With the new challenges the move to the cloud brings, Tyson said organizations need to create a completely new set of new best practices along with updating the existing set.
“My best advice is to get a seat at the table with the IT people,” Tyson said. “Ask then if you are ever going to get in the cloud and then ask what is going up there and when.”
About the Author
Brent Dirks is senior e-news/Web editor for Security Products and Network-Centric Security magazines.