Between RSA, Sony and Lockheed Martin, major security failures have been unusually common in recent headlines. But, it's not just the uptick in data breaches that should have security professionals worried – they should be equally concerned about the breaches in availability.
Take Amazon's EC2 cloud outage last April. This single, highly publicized incident risked a major step backward for enterprise cloud computing adoption. To the public's knowledge, sensitive business and personal data were not breached, but the failure in service broke a key tenet of network security: availability.
Cloud providers have a responsibility to ensure that they are constantly available. Recent outages, like what happened with Amazon, underscore the absolute necessity of always-on connectivity. However, because increasingly sensitive data now resides in the cloud, availability is no longer solely tied to access – it's also tied to security. In short, if the cloud is not available, you can't guarantee that security was not the culprit. Why? Because the two cannot be separated. They are inextricably linked.
As cloud computing evolves, security strategies must address load, perimeter and behind-the-firewall protection, as well as availability. Unfortunately, it's difficult to assess the level of security in the cloud today. Even those service providers which have been vocal about security have limited their mindset to traditional devices and fail to discuss how they're addressing availability and uptime.
If service providers want to gain the trust of enterprises to fully migrate to the cloud, and if enterprises want to fully realize the benefits of cloud computing, providers int he arena must offer transparency in how they're handling all aspects of security – from device implementation (both virtual and physical) to addressing resilience and manageability. Only when these three areas act in concert and cohesively will security in the cloud reach maturity and gain the full trust of the public.