A breakdown of the top misconceptions enterprises are facing when assessing the security levels of cloud computing environments, and the realities behind them

1. WHITE PAPER: KVH Cloud Solutions
Cloud Security: Perception VS
Reality
A breakdown of the top misconceptions enterprises
are facing when assessing the security levels of
cloud computing environments, and the realities
behind them
Table of Contents
2 Introduction
2 Perception 1: The cloud cannot be secure
2 Perception 2: Cloud computing is less secure than on-premise
alternatives
3 Perception 3: Private Clouds are secure, Public Clouds are not
4 Perception 4: Compliance guarantees ssecurity
4 Conclusion
5 Appendix: Cloud Security Must-Haves
6 About KVH
Copyright© 2012 by KVH Co. LTD
All Rights Reserved. Not to be copied or reproduced without express permission of KVH Co LTD
Page 1 of 6

2. Cloud Security: Perception VS Reality
Introduction to the kind of server being used and the
network connecting their systems.
Ranked as the top technology priority among
CIOs in Asia in the 2011 Gartner Executive For industries that need to align with specific
Programs (EXP) CIO Agenda Survey, cloud regulations, such as the financial services
computing has attracted significant attention sector, ensure your service provider not only
as businesses are becoming keen to offers security services that meet these
understand how they can effectively standards by holding certifications in ITIL, ISO
leverage these services at minimal risk and for 27001, and SSAE16, but is also experienced
maximum benefit. With the continued growth enough through servicing other businesses in
of online security threats and ways that these your industry to understand the role security
can spread, security is repeatedly being solutions play in how your business functions
reported as a key concern among businesses and transfers data.
when determining whether they should move
to the cloud and, if so, what kind of cloud Depending on the service and provider,
solution they should be adopting. cloud computing solutions should be able to
meet the security requirements of any
This whitepaper aims to outline and verify the business from a technology perspective, as
truth behind some of the common well as throughout their internal processes,
misconceptions about security and cloud operations, and personnel.
computing that can often deter businesses
from adopting this evolving and potentially Perception 2: Cloud computing
highly beneficial technology.
is less secure than on-premise
Perception 1: The cloud cannot alternatives
be secure Reality: As cloud computing is strongly based
on automated systems, it actually avoids the
Reality: Cloud environments can be highly
common security breaches that occur with
secure and levels of security can be scaled to
on-premise systems due to human errors.
suit a business’ specific needs and existing IT
systems. Before implementing a cloud service,
Also, outsourcing ensures that physical access
ask the service provider what level of security
to your servers is strictly monitored 24 x 7 by
they offer through public, private, or hybrid
highly experienced professionals. Vendors
cloud solutions, and how this differs according
place high importance on these technologies,
Copyright© 2011 by KVH Co., Ltd. All Rights Reserved
Page 2 of 6

3. Cloud Security: Perception VS Reality
staff, and processes to ensure that their Reality: This perception is fundamentally built
customers’ data is kept secure at all times. A on the understanding that there are two kinds
security breach can be just as detrimental to of cloud services. However, depending on
customers as it is to their service providers, not the use of hybrid configurations, on-premise
only due to the expenses of solving the issue hosting and colocation, dedicated servers
and implementing new technology and and networks, VPS, and various other
processes where necessary to ensure the technologies, the security of a cloud service
problem cannot arise in the future, but also can significantly change. Just as a network or
because of the significant blow to their server configuration can be tailored to meet
reputation that can take months, if not years, certain business requirements, a cloud
to earn back. environment’s security can also be
customized to meet compliance issues and
For cloud computing service providers, this is other needs.
a core part of their business, allowing them to
make expensive, long-term investments in For example, the use of dedicated VLANs
their security offerings to ensure they can would logically separate customer
succeed in this increasingly competitive environments and provide security control at
market by providing customers with the best layer 2. Intrusion prevention systems, Firewalls,
services available. Furthermore, as more Encryption, Authentication, Authorization,
businesses in the financial services sector are and Audit Trails provide the required security
adopting cloud computing solutions, service controls to protect your assets and data.
providers are being forced to improve their Leverage your provider’s Professional Services
standards to meet the regulatory compliance to determine these details since, depending
and operational security needs of these on the equipment used and configuration, a
organizations, inevitably leading to an overall public cloud could be just as secure as a
rise in security standards across the industry. private cloud and, despite the perception,
private clouds can have security weaknesses
Perception 3: Private Clouds in their infrastructure or how they are
managed.
are secure, Public Clouds are
not
Copyright© 2011 by KVH Co., Ltd. All Rights Reserved
Page 3 of 6

4. Cloud Security: Perception VS Reality
Example Use Case of a Closed L2 Network
Perception 4: Compliance has been supplied. As well as assessing the
actual solution being provided, ensure your
guarantees security provider’s certifications are up to date and
that they regularly conduct internal and
Reality: A service provider’s certifications in
external audits to maintain a high level of
ITIL, ISO 27001, and SSAE16 should be
security across their infrastructure, processes,
thoroughly assessed to ensure the provider is
and daily activities.
adhering to their own industry standards as
well as your industry’s regulations and
Conclusion:
compliance requirements. However, it should
also be recognized that a service provider Despite the security concerns mentioned
should not be considered ‘secure’ merely above, more and more companies are
because of their certifications. adopting cloud computing solutions to
remain competitive and meet the evolving
These certifications determine the standards a
needs of their business and customers. The
provider has met at a certain time, and do
CIO Global Cloud Computing Adoption
not necessarily ensure that these standards
Survey of 2011 showed that two-thirds of
are being maintained after the certification
organizations are planning or currently
Copyright© 2011 by KVH Co., Ltd. All Rights Reserved
Page 4 of 6

5. Cloud Security: Perception VS Reality
adopting cloud computing, with 22% already measures deter you from leveraging this
in department and enterprise-wide highly valuable technology. Instead, assess
deployments. your business needs, the IT challenges you are
trying to overcome, and your current IT
When assessing the security of your cloud systems to ensure the right security solution is
solution, do not let necessary security provided for you.
Appendix: Cloud Security Must-Haves
Certifications ITIL, ISO27001, and SSAE16 certifications for industry-standard
processes, data center design, SDLC, operations, and maintenance
Encryption Protects data from interception
Firewall Provides access control filtering
Authentication Ensures access to the system and data is only allowed to users who
have been granted permission
Authorization Ensures users can only perform actions that are permitted
Auditing and Provides management teams with a clear window into what
Reporting resources are being used by who and how
Replication & Reliable backup and redundant systems support BCP and enable
Redundancy fast data recovery when required
Data Center Manages the physical access control of who has access to the
Access Controls systems housing your data
Copyright© 2011 by KVH Co., Ltd. All Rights Reserved
Page 5 of 6

6. Cloud Security: Perception VS Reality
About KVH
KVH was established in Tokyo in 1999 by Fidelity Investments as a Japan focused IT /
communications service provider. As an information delivery platform that allows enterprise
customers to store, process, protect and deliver their vital business information, KVH offers
integrated cloud and network solutions that include infrastructure-as-a-service, managed
services, data center services, professional services, data networking, internet access, and voice
services. KVH operates the lowest latency network in Japan, and with over 450 financial services
customers, is the leading provider of ultra low-latency network and proximity hosting solutions to
the high-frequency trading community in Tokyo and Osaka. KVH also offers low-latency
connectivity services between major financial markets in the Asia/Pacific region and the US
including Tokyo, Chicago, New York, Singapore, Hong Kong, Shanghai, and Sydney.
More information on KVH can be found at www.kvh.co.jp/en/
Copyright© 2011 by KVH Co., Ltd. All Rights Reserved
Page 6 of 6