CSA Congress 2013: Cloud is Not only Cheaper, but More Secure

The CSA Congress 2013 kicks off today in Orlando, Florida
The CSA Congress 2013 kicks off today in Orlando, Florida

Amazon’s Teresa Carlson delivered the opening keynote at today’s Cloud Security Alliance (CSA) Congress in Orlando, where she touted the security superlatives of the cloud services industry, and in particular her employer, Amazon.

“One of the things that drew me to Amazon was their commitment to security”, she explained. “When you work in enterprises or government, security is key to building your applications or delivering on your mission.”

Carlson noted that computing’s ‘Iron Triangle’, which assumes that organizations can have cloud-based services delivered better, faster, and cheaper – if they are willing to settle for two of the three. “But what about more secure?”, she asked the audience rhetorically. “Is there a way to have an iron quadrangle?”

She supported the ‘triangle’ claims by citing evidence that cloud providers are not only a better bargain, but are perceived as more secure than in-house computing solutions. Carlson quoted an IDC survey from September 2013 that “nearly 60% of organizations agree that CSPs [cloud service providers] provide better security than their own IT organizations.”

In addition to the economic benefits, Carlson noted that cloud providers’ security allows IT security professionals to concentrate limited resources on more specific threats to an organization.

So, is the security proposition too good to be true for the likes of Amazon and similar cloud providers? “We worry every single day about security for our customers”, Carlson responded, not surprisingly. To support her claims, the Amazon VP outlined seven reasons for “systematic superiority of cloud security”:

  1. Integration of compliance and security
  2. Economies of scale apply
  3. Customers refocus on systems and applications
  4. Visibility (ability to know what you have within your network), homogeneity, and automation
  5. Cloud platforms as “system containers”: a new kind of defense in depth (the cloud is not only a programmable infrastructure, but a reacting infrastructure; it allows for monitoring, logging and alerting of “interesting” events)
  6. Cloud, Big Data, and security; use the cloud to secure the cloud
  7. With the cloud’s speed of innovation and increasing scale, the security story will only get better quickly

When it comes to this last point, Carlson said that cloud computing’s “scale fast and fail fast” proposition allows organizations to deploy strategies, and if they fail, make quick adjustments. “You can have better, faster, and cheaper, with more security wrapped around it”, she concluded.

What’s Hot on Infosecurity Magazine?