Computerworld

Companies need shift in private cloud security: Gartner

Organisations must adjust security practices for the private cloud

The security systems of businesses must "evolve" as they move from virtualised datacentres towards private cloud infrastructures, according to analysts at Gartner.

Gartner predicts that by 2015, 40 percent of the security controls used within enterprise datacentres will be virtualised, up from less than five percent in 2010.

"For most organisations, virtualisation will provide the foundation and the stepping-stone for the evolution to private cloud computing," said Gartner analyst Thomas Bittman. "However, the need for security must not be overlooked or 'bolted on' later during the transition to private cloud computing."

Bittman said "significant changes" will be required in how security is delivered. Whether supporting private cloud computing, public cloud computing, or both, security must become "adaptive" to support a model where workloads are "decoupled" from the physical hardware underneath, and "dynamically allocated to a fabric of computing resources", he said.

Fellow Gartner analyst Neil MacDonald said, "Policies tied to physical attributes, such as the server, internet protocol (IP) address, media access control (MAC) address or where physical host separation is used to provide isolation, break down with private cloud computing."

MacDonald said, "For many organisations, the virtualisation of security controls will provide the foundation to secure private cloud infrastructures, but alone, it will not be enough to create a secure private cloud."

To support secure private cloud computing, Gartner said security must include the following characteristics:

-It must be an integral, but a separately configurable part of the private cloud fabric

-Designed as a set of on-demand, elastic and programmable services

-Configured by policies tied to logical attributes to create "adaptive trust zones" capable of separating multiple tenants