Private cloud deployment presents enterprises with security challenges, warns Gartner
WASHINGTON, D.C. – Although enterprises often choose to deploy private cloud instead of using public cloud services because of data security concerns, the move to private cloud presents security challenges of its own, said Neil MacDonald, Gartner vice president and fellow in cloud computing.
When Gartner surveyed executives considering private cloud adoption, security and privacy was a top concern, just behind internal culture, mindset and political barriers. This suggests that enterprises are worried their employees and processes are not ready to support private cloud computing, MacDonald told an audience at the Gartner Security and Risk Management Summit being held here this week.
"The most common call that I take [from clients] is this: 'I have workloads of one type of trust level and I want to combine them with workloads of another type of trust level on the same physical piece of hardware,'" he said.
MacDonald responds to these clients: "Yes, you could do that, but should you do that? The question is how much separation is enough for you to have confidence that these things can't intermingle without enforcing a policy between them, such as a firewall rule."
One approach to improve data center security is to virtualize security controls. Gartner estimates that by 2015, 40 percent of security controls used in data centers will be virtualized, up from 5 percent in 2010.
MacDonald said most enterprises will use a combination of physical and virtual security controls for the cloud environment. Physical security controls will continue to be used for high-bandwidth applications at the physical boundaries of enterprises, while virtualized controls will be used throughout the private cloud fabric, he predicted.
To reduce the security risks, the Gartner analyst recommends that enterprises deploy cloud computing gradually, first by virtualizing the data center, then by virtualizing security controls. In addition, enterprises should consider using cloud security gateways to enforce security policy if they decide to use public cloud services to supplement their private cloud deployments.
Cisco turns to Skyhigh Networks to shine light on shadow IT risks
Cloud-based security services to grow 69% per year through 2017, says Infonetics
Gartner: Enterprises should look for highly scalable, automated, elastic cloud product