Last time in the GoGrid Cloud Survey Report series, I wrote on cloud use cases and reasons for migrating to the cloud. This week, I wanted to focus on everybody’s favorite topic: security and compliance in the cloud.
If you’re brand new to this series, let me catch you up to speed. At the beginning of the year, GoGrid gathered feedback from over 500 CTOs, developers and IT professionals relating to cloud computing and best practices. This week, we’re highlighting the results from the question “What type of security/compliance do you require in the cloud?”
You may have noticed that whenever there is a conversation about Infrastructure-as-a-Service, the security debate is sure to follow. We wanted to see what types of security the IT industry uses and which were the most important to maintaining compliance.
What Type of Security/Compliance Do You Require in the Cloud?
As seen in the chart above, private VLANs, network layer firewalls and DDoS mitigation are the most required forms of security according to our respondents, followed closely by Virtual Private Networks.
Obviously, security is only as good as the amount of effort that you put into implementing it. At GoGrid, we believe that providing raw infrastructure that you can control and manage is paramount. And we provide the tools to help make your environment more secure. Private VLANs let traffic flow between your server instances without being exposed in any way to other users of the public cloud. We launched with this service and believe that it should be core to any cloud. DDoS protection is something that most web infrastructure providers and hosters have built into their service offering. No site is 100% immune to Distributed Denial of Service attacks; however, attacks can be thwarted and mitigated. Also, GoGrid provides firewall services either via a hardware appliance or via a Partner GoGrid Server Image (PGSI) – like CloudPassage, Gazzang, Cranium Solutions, Sentrigo, Trend Micro, Art of Defence or CohesiveFT (for VPN solutions), among others, where GoGrid users can choose best-of-class server image solutions to further harden and monitor their GoGrid environments.
PCI compliance is very business-specific. While GoGrid does not offer full PCI compliance, we can provide the tools to “get you down the path” of achieving PCI compliance. One example is via our hybrid hosting offering. By mixing and matching physical and virtual environments, you can work to achieve compliance for certain aspects of your hosted environment. Also, some of the partner images in the GoGrid Exchange offer means to achieve compliance for particular components of the PCI compliance checklist – for example IDS/IPS, logging and web application firewalls. Our account teams have assisted many GoGrid customers in achieving PCI or HIPAA compliance.
Security/Compliance Requirements (Grouped)
This graph takes the same data from above and highlights what the IT industry views as important for IaaS security requirements. One of the reasons HIPAA and PCI are low is that they are very specific to a business vertical. Since many of the respondents may not have a need for PCI compliance, they will mark it as a lower priority than more commonplace items like firewalls, private VLANs and VPNs, which most companies should use as part of their security best practices implementations.
Now that you know the security requirements from over 500 professionals from the IT industry, how do you stack up? Is your infrastructure more or less secure than our respondents? Stay tuned to the GoGrid Cloud Survey Report series because next time we’ll be diving into the private cloud!
For more information on our survey methodology or to see all of our results, please download the Cloud Survey Report.