Access and Feeds

Cloud Computing: Improving Security Controls with Zero Trust and Confidential Computing

By Dick Weisinger

Cloud computing has been called flexible, scalable, and highly resilient. And its popularity has propelled it forward with large double-digit growth rates.

But what about security? The cloud is frequently touted as being more secure than on-premise computing. Vendors supply computing to massive numbers of clients and have honed their skills in creating authentication and access controls. Cloud data is typically replicated to avoid loss and encrypted to ensure privacy and security. Cloud vendors are significantly more vigilant than on-premise in being able to stay abreast of software patches and in performing regular vulnerability and security monitoring and audits.

Despite the many reasons to trust the security of the cloud, there still is a lot of angst. A Ponemon study found that 60 percent of IT leaders are not confident about being able to secure the data that they store in the cloud. A similar study by the Cloud Security Alliance (CSA) found that 31 percent of leaders weren’t confident in their cloud security and another 44 percent were only moderately confident.

The Ponemon study suggests that leaders would have greater confidence by adopting Zero Trust principles. Zero Trust requires all users, whether they are inside or outside the network, to always be authenticated, authorized, and continuously validated. Jawahar Sivasankaran, COO at Appgate, said that “while cloud security isn’t easy, applying Zero Trust principles to ensure secure access to cloud workloads goes beyond protecting valuable data and actually can fast-track an organization’s digital transformation.”

The CSA study recommends the adoption of Confidential Computing as a deterrent to hacking. Confidential Computing protects data at the time of processing. Using Confidential Computing, data is isolated in the CPU of the server while it is processed and protected. It is an additional precaution in protecting data that may otherwise only be protected ‘at rest’ with encryption.

Both Zero Trust and Confidential Computing can boost the security of cloud computing environments. But will that be enough to ease the concerns of IT leaders?

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Leave a Reply

Your email address will not be published. Required fields are marked *

*