A few months ago, Google announced plans to move its corporate applications to the cloud; a new security model that it has referred to as The BeyondCorp Initiative. Rather than trust an internal corporate network to protect its mission-critical systems, Google is shirking tradition. It’s operating on the belief that internal networks are just as hazardous as the Internet – a fact that cloud experts have maintained for years.
Mind you, Google’s not the only business to have come to this realization. According to Gartner, the cloud security market is experiencing a period of significant growth, projected to grow to $4.1b by 2017. What’s more, there’s mounting evidence to suggest that internal networks might actually be less secure than cloud models.
“In terms of human risk, employees with potentially malevolent intentions will find it more difficult to locate certain data in the cloud,” notes Information Age’s Ben Rossi. “Then there is the argument that cloud businesses have more secure IT environments than the organizations they sell to. Why? Because that’s the product they’re selling.”
An Expanding Perimeter
BeyondCorp is a smart move by Google, and more should follow its example. By securing data via the cloud, enterprises can move past archaic security traditions that require total control of the devices on their network. By making access to sensitive information reliant solely on device and user credentials, organizations can allow employees to connect from anywhere – without requiring a traditional VPN.
This in turn allows them to equip employees with the capacity to safely access corporate assets from anywhere, enabling a level of mobility and access to outsourcing impossible to implement with traditional security.
“The perimeter security model works well enough when all employees work exclusively in buildings owned by an enterprise,” notes a BeyondCorp White Paper published in December. “However, with the advent of a mobile workforce, the surge in the variety of devices used by this workforce, and the growing use of cloud-based services, additional attack vectors have emerged that are stretching the traditional paradigm to the point of redundancy. Key assumptions of this model no longer hold.”
“The perimeter is no longer just the physical location of the enterprise,” continues the piece; “and what lies beyond the perimeter is no longer a blessed and safe place to host personal computing devices and enterprise applications.”
Bare Metal Security And The New Enterprise Paradigm
Cloud security solutions can be made even more secure through the use of a bare metal cloud. Instead of provisioning shared resources through virtualization, a bare metal implementation is run entirely from a dedicated server or cluster of servers. In addition to making bare metal effectively immune to vulnerabilities such as Venom, it also means that more resources are available to manage a business’s security and networking infrastructure.
By combining bare metal and cloud security into one package, a business can expand its perimeters farther than ever before. It can allow employees and contractors to work entirely independent of physical location while at the same time securing more devices and access points than it ever could with a traditional cloud. But perhaps most importantly, its IT department can rest secure in the knowledge that their cloud resources belong to them and them alone – and can be used as they see fit.
“To a significant percentage of potential cloud customers, the idea of a faceless backend is not an appealing one, nor was the thought of their business needs simply sharing resources with an unknown number of other customers.” writes David Chernicoff of ZDNet. “With the bare metal cloud, you get what most people see as the advantages of the cloud: the ability to rapidly provision and deploy services as your business needs them, with many of the advantages of colocation, running only what you want provisioned.”
It’s a bit strange, really – only five years ago, media outlets were all abuzz about how insecure the cloud is; about how you can’t trust it with your data. Now, we’ve corporations like Google moving to the cloud for security and productivity. A few years from now, it might be unthinkable that a business would do anything but entrust its security to the cloud, and equally unthinkable that the cloud was ever thought of as virtualization-dependent. The cloud may well be the future of enterprise security, but if businesses are to maximize the potential of their infrastructure, those cloud platforms are likely to run on bare metal.