The challenge of securing cloud resources: insights from Tata Communications

03rd August 2012
The challenge of  securing  cloud resources: insights from Tata Communications

 

Photo: A delegate at CommunicAsia2012  in Singapore, poses with hostesses at the Tata Communications stand.  The company is connectivity partner of the Formula One racing organisation ( IndiaTechOnline photo by Anand Parthasarathy)

Research states that 90 percent of companies are expected to adopt or substantially deploy a cloud model in the next three years. From multi-national corporations to start-ups, more companies are embracing the cloud to take advantage of the flexibility and efficiency it provides. The challenges associated with adoption have now evolved from choosing the right cloud to exploring the higher value stages of cloud computing while protecting infrastructure integrity.
We bring you a few insights from a key provider in this emerging arena: Tata Communications,
When trying to explain the perils and pitfalls that accompany the promise of cloud computing, Amit Sinha Roy is fond of quoting the 6th century Chinese military strategist Sun Tzu’s “Art of War”: “If you know your enemies and know yourself, you will not be imperiled in a hundred battles”. A neat way saying beware of external threats to your network security, but be also aware of the danger from within your firewall.
Amit, who is Vice President, Strategy & Marketing Global Enterprise Solutions, at Tata Communications, was trying to drive home the point while briefing IndiaTechOnline at the company’s crowded stand during the recent CommunicAsia show in Singapore. And it didn’t help that the Tata display highlighting its partnership with the Formula One racing organization as connectivity provider , was a big draw -- with delegates vying for a keepsake photo along with the two hostesses ( see our photo above).
What were the common pitfalls in trying to go the cloud way? Amit suggested these could range from buying/paying for too much or too little capacity to the fluctuating costs from some vendors which made budgeting difficult as well as their requirement that the customer invest in costly add-ons or provide the required “on-ramp” connectivity.
This led to another difficult decision for many enterprises: should they go the On-premise route or opt for a service provider?
A sensible alternative was Virtualisation technology, which could offer significant security benefits, Amit suggested – indeed some industry experts were saying virtualisation will soon enable ‘better than physical’ security.”

In keeping with its trademark understated if confident marketing methods, Tata stopped short of in your face solutions and rather, left customers to ask and answer some important questions in vendor security related to outsourcing one’s cloud infrastructure:
• Does the service provider inform about how it safeguards its Infrastructure as a Service (IaaS)?
• Has the service provider mitigated the chief risk of malicious insiders through strict hiring standards and practices that restrict access to the IaaS service management platform and to the virtual machines?
• Does the service provider allow you to restrict access to IaaS resources through self-managed governance and access controls?
• Are the virtual machines (VMs) and data sufficiently isolated from other customer’s virtual machines and data via sound platform configuration and management practices employed by the service provider?
• Does the service provider ensure security of its service interfaces?
• What security and operational industry standards and certifications does the vendor follow, and do they sufficiently explain the security measures they provide?
Tata Communications collateral on Cloud security technologies: http://security.tatacommunications.com/cloud.asp  
August 2 2012