As a proposition, the cloud requires little introduction and increasingly we are moving away from our familiar physical infrastructure in favour of hosted services, delivered virtually. The meteoric rise of smartphones and tablets has created a market on a scale that few had anticipated, and it’s gathering pace. The benefits of adoption are widely discussed, and are becoming the basis for business models and a fact of life.

According to analyst firm Gartner (2011 CIO Agenda survey) this is just the tip of the iceberg because they expect enterprise cloud adoption to rise from 3% to 43% in four years. This is a huge amount of data passing through the cloud and it must be secured, but a new approach is needed, and as yet no single solution is available.

This is understandable because cloud technology has arrived so fast and businesses, service providers and integrators have simply not had time to respond. There is some direction emerging though, for example Federated ID and Security Assertion Markup Language (SAML) may help, but in reality they are not ready for commercial release.

For organisations using the cloud further delays will be dangerous, and previous security gains are being put at risk. The cloud, with its infinite scale and versatile delivery, has released businesses from the historical restrictions of expansion and the need for economic growth has never been stronger. The growth of system architecture has accelerated under pressure from internal and external demand, but with the associated noise, security policy reviews have been delayed and new vulnerabilities are being created.

Businesses and organisations lack the capacity to manage a technology evolving at such pace. What may be sound advice one month becomes arcane the next. Meanwhile, CIOs are dealing with more devices, more users, and more vulnerability. The stakes are increased further because security policy impacts on the whole spectrum of business effectiveness, including profitability, legal compliance, and even survival.

For cloud service providers monetising their security measures will be a challenge, so automation has to be the answer, and they are under increasing pressure to offer integrated and streamlined solutions.

Strong authentication of user accounts is the foundation stone for cloud security. It's irrelevant how well encrypted a database is if an intruder is using legitimate credentials. Cloud based servers are faced with thousands of logins from hundreds of different remote devices at all hours of the day, and all too often they have no reliable way to ensure that the user is who they say they are. This would not present a problem if everyone used unique passwords and practiced good password hygiene, but we already know that's not the case and there are millions of compromised username and password combinations freely available. Strong authentication of user accounts that moves beyond passwords is set to become the new antivirus. In other words, it will be something that all businesses will soon require to protect themselves, their employees, their customers and literally their survival.

As demand soars, methods of authentication are getting smarter - and they need to. Gone are the days of costly and easily misplaced hardware tokens for two-factor authentication. Tokens can now be delivered as a commodity through the cloud on a per-user basis, poetically providing the solution to the problem of its own making. This economical and infinitely scalable approach allows service providers to build cloud security into their core offering.

Cloud computing promises many benefits and the timing could not be better. But a move to the cloud should not increase an organisations risk profile, especially when the problem is known and a reliable solution is available from existing, evolved technology. NC