Someday, cloud security vendors and cloud services providers will convince enterprise IT that it’s safe to move sensitive data and mission critical apps from the private cloud to the public cloud.
Unfortunately, that day has not yet arrived.
Security practitioners, consultants and analysts interviewed for this story say cloud security vendors and cloud services
providers have a long way to go before enterprise customers will be able to find a comfort zone in the public cloud, or even
in a public/private hybrid deployment.
When asked for predictions as to when enterprise IT will be willing to elevate their level of play in the public cloud from
dabbling in non-sensitive data storage and consuming a little bit of SaaS from trusted entities like Salesforce.com, to running
business critical applications, the answers ranged from six months to two years.
So, what’s hindering public cloud adoption? The hesitation over security in the public cloud centers on:
• Concerns about securing the communications channels within multi-tenant virtual networks.
• Uncertainty about how the exploding number of heterogeneous mobile devices will be securely supported in the cloud.
• An inconsistent path for extending existing identity and access control mechanisms used in the enterprise up into the cloud.
• Questions on how trusted encryption and tokenization models need to be changed to adequately protect sensitive data stored
in the public cloud.