Security identified as a growing concern for cloud hosting customers

Security is coming to the forefront as one of the major concerns for customers of cloud hosting services, creating new demand for data protection solutions.

A recent report by Gartner found that the market for cloud-based security services is expected to reach $2.1 billion this year and then increase to $3.1 billion in 2015 as companies that make use of cloud storage become more aware of the need to protect their data.

“The cloud-based security market remains a viable one, offering providers many opportunities for expansion,” Gartner research director Ruggero Contu said. “Encryption will be a new area of growth, but it remains a complex activity. The strongest interest will be in encryption products from cloud security brokers, which are relatively easy to deploy and have options for on-premises encryption management.”

The company expects that the services cloud hosting customers seek out will include cloud-based encryption and tokenisation, security information and event management, web applications firewalls and vulnerability assessments. Adoption of other cloud applications will contribute to increased demand for cloud security services, which are usually delivered as part of a software-as-a-service package or as stand-alone features. Identity and access management offerings (more info) are among those that have the most potential for growth, according to Gartner. Encryption services available through cloud servers are also attracting customers.

Cloud-based security controls are usually delivered either as part of an integrated SaaS package or as a standalone feature. The availability of security management tools such as encryption through the cloud gives firms multiple options for protecting their data.

Assessing risks
Gartner expects companies to become increasingly accepting of and reliant on security-as-a-service in the cloud as more firms adopt cloud software and introduce bring-your-own device policies.

“In the next 24 months, new security-as-a-service-based offerings that address specific security controls for cloud-based IT resources will be available from larger IT and network service providers, aimed initially at small or midsize businesses (SMBs),” Gartner stated.

The increasing awareness of security hazards within the world of cloud hosting has led to some firms setting a benchmark for acceptable risks, Tom Nolle wrote in TechTarget. Security problems with cloud hosting often occur when businesses fail to look at the safety of the cloud in relation to how it stacks up to their current hosting solution. They may expect to use their existing applications in the cloud, rather than run new apps. If they plan to migrate old applications to a cloud server, they should consider whether the risks in the cloud are greater than those they already accept.

Protection measures
Security in the cloud is gauged by physical security, application access and the risk of network interception, which refers to the possibility of an unauthorized party viewing sensitive data. The risk is greatest when the applications are accessed via a wireless network. Encryption can help protect data from these intrusions and can also protect security at access points. Managing and protecting security keys is vital to using encryption effectively.

“The most common practice is to store an application’s security key within the app image,” Nolle wrote. “If this is done in a cloud application, the key becomes part of the machine image stored with the cloud provider, and it could be stolen by someone with access to the machine image storage. Use a public key storage service or technique to ensure that keys are never stored with application code or data in the cloud.”

Physical cloud security presents a substantial challenge for cloud users. In order to protect their data, they should validate their cloud hosting provider’s security certifications. Several security compliance frameworks are available, though not all of them are fully developed. Nolle recommended that cloud customers determine whether the vendor’s framework fits their needs and supports any relevant government regulations or compliance guidelines.

Lyza Latham consumes all things Technology and Cloud. To keep in contact with Lyza find her on Google+