KML_FLASHEMBED_PROCESS_SCRIPT_CALLS
 

GoGrid Cloud Survey Report – Security & Compliance (Part 4)

June 21st, 2011 by - 6,402 views

Last time in the GoGrid Cloud Survey Report series, I wrote on cloud use cases and reasons for migrating to the cloud. This week, I wanted to focus on everybody’s favorite topic: security and compliance in the cloud. ;-)

If you’re brand new to this series, let me catch you up to speed. At the beginning of the year, GoGrid gathered feedback from over 500 CTOs, developers and IT professionals relating to cloud computing and best practices. This week, we’re highlighting the results from the question “What type of security/compliance do you require in the cloud?

You may have noticed, whenever there is a conversation about Infrastructure-as-a-Service, the security debate is sure to follow. We wanted to see what types of security the IT industry uses and which were the most important to maintaining compliance.

What Type of Security/Compliance Do You Require in the Cloud?

cloud_survey_security_1

As seen in the chart above, private VLANs, network layer firewalls and DDoS mitigation are the most required form of security according to our respondents, followed closely by Virtual Private Networks.

Obviously, security is only as good as the amount of effort that you put into implementing it. At GoGrid, we believe that providing raw infrastructure that you can control and manage is paramount. And, we provide the tools to help make your environment more secure. Private VLANs enable traffic to flow between your server instances that is not public in any way to other users of the public cloud. We launched with this service and believe that is should be core to any cloud. DDoS protection is something that most web infrastructure providers and hosters have built into their service offering. No site is 100% immune to Distributed Denial of Service attacks, however, attacks can be thwarted and mitigated. Also, GoGrid provides firewall services either via a hardware appliance or via a Partner GoGrid Server Image (PGSI) – like CloudPassage, Gazzang, Cranium Solutions, Sentrigo, Trend Micro, Art of Defence or CohesiveFT (for VPN solutions), among others, where GoGrid users can choose best-of-class server image solutions to further harden and monitor their GoGrid environments.

PCI compliance is very business-specific. While GoGrid does not offer full PCI-compliance, we can provide the tools to “get you down the path” of achieving PCI-compliance. One example is via our hybrid hosting offering. By mixing and matching physical and virtual environments, you can work to achieve compliance of certain aspects of your hosted environment. Also, some of the partner images in the GoGrid Exchange offer means to achieve compliance for particular components of the PCI-compliance checklist – for example IDS/IPS, logging and web application firewalls. Our account teams have assisted many GoGrid customers in achieving PCI or HIPAA compliance.

Security/Compliance Requirements (Grouped)

cloud_survey_security_2

This graph took the same data from above and really highlights what the IT industry views as important for IaaS security requirements. One of the reasons HIPAA and PCI are low are because is is very specific to a business vertical. Since many of the respondents may not have a need for PCI compliance, they will mark it as a lower of a priority than more commonplace items like firewalls, Private VLANs and VPNs which most companies should use as part of their Security Best Practices implementations.

Now that you know the security requirements from over 500 professionals from the IT industry, how do you stack up? Is your infrastructure more or less secure than our respondents? Stay tuned to the GoGrid Cloud Survey Report series because next time we’ll be diving into the private cloud!

For more information on our survey methodology or to see all of our results, please download the Cloud Survey Report.

cloud_survey_graphic

The following two tabs change content below.

Michael Sheehan

Michael Sheehan, formerly the Technology Evangelist for GoGrid, is a recognized technology, social media, and cloud computing pundit and blogger who writes regularly about technology news and trends.

2 Responses to “GoGrid Cloud Survey Report – Security & Compliance (Part 4)”

  1. "… we can provide the tools to “get you down the path” of achieving PCI-compliance …"

    What do you mean by this? Do you have examples of customers who get PCI certification?

    • We have had some customers achieve compliance via some partner work as well as by using certain service offerings within GoGrid. There is not one tool or feature that can directly do this as it is a fairly rigorous process. However, if you are interested, I would recommend contacting a GoGrid Cloud Specialist to work through the details.

Leave a reply