Public cloud technologies aren’t an option for Raytheon Co., a Waltham, Massachusetts based defense manufacturer, but they are developing a private, “cloud-type” service that they and other partners can begin using. Even so, security remains a paramount concern.
First is the movement of data and applications from a traditional server environment to one that is at least partially virtual. According to Michael Daly, deputy CISO for Raytheon, security controls in a virtual environment are “a lot more complicated.” Part of this lies in the element of the unknown that must be borne as services move from the physical to the virtual and IT must cross their fingers and hope that things like firewall controls and security keys made the jump.
Companies like Raytheon also face challenges in security when it comes to broader cloud services like Google Docs. Employees are conditioned in many cases to use services like the shared document option, services that are not entirely secure and that can lead to user data being lost or compromised. Along with service upgrading, private clouds require that employees understand what is expected of them as well.
Raytheon and its partners will need to find ways to address authentication, as well as ensuring that the right people have access to the cloud is important for making sure the right data is shared. This means developing protocols so that all companies working with Raytheon check identity and access the same way in order to prevent potential breaches.
Risk is an inherent part of the cloud service model, and many businesses are choosing to use a private version before moving to a potential public model. Even in these more controlled environments, however, robust security is still a concern.