Level 3's Richter: Simplicity Strengthens Security in the Enterprise Cloud

As the enterprise cloud becomes more widely adopted, concerns over security are diminishing. However, there are still cybersecurity issues to be addressed by both enterprise cloud providers and enterprise cloud customers such as phishing attacks and zero-day vulnerabilities.

As senior vice president of global security services at Level 3 Communications Inc. (NYSE: LVLT), Richter is intimately familiar with the C-suite's concerns about the technological, cultural and other data-stewardship issues that affect their decisions to move to -- or steer clear of -- enterprise cloud.

Previously, in Part 1 of this Telco Transformation Q&A, Richter highlighted particularized enterprise-cloud security issues. In Part 2, Richter identifies the network and organizational issues that drive enterprise cloud migration from a security perspective. Richter also explains how complexity can introduce risk, so if enterprises can simplify their IT environment by migrating to the cloud, they can both reduce complexity and risk. (See Level 3's Richter Talks About Enterprise Cloud 'Gotchas'.)

Telco Transformation: Would you say these days that customers are viewing enterprise cloud virtualization as more secure, or less secure? Or six of one, half a dozen of the other?

Chris Richter: The organizations that I deal with tend to be fairly large -- in excess of 5,000 employees -- and the CIOs and CSOs that I deal with regard the cloud generally as safer because it reduces complexity. They know cloud providers have to adhere to a plethora of industry and regulatory compliance requirements. And they admit that [cloud providers] could probably do a better job of it than they can do it in house.

Doing it in house can sometimes mean managing security at thousands of locations and branch offices. If you could push those requirements and infrastructure to a cloud-based service provider, it just tends to be more reliable and more secure than trying to do it all yourself. [In regard to] doing it all yourself, there's a shortage of something like a million people in cybersecurity in just the US alone, so every time a new threat comes out or there's a newfangled security product, you've got to buy the box, spend a lot of money on maintenance and licensing, and then you've got to hire various people to manage and monitor it for it to be of any use. And a lot of IT folks I've talked to on the customer side are just getting worn out.

So to answer your question another way, complexity introduces risk, and if you can simplify your IT environment by going out to the cloud you can reduce complexity and therefore reduce risk, so they regard it as more secure on the whole.

TT: How else can an enterprise cloud customer reduce their complexity?

CR: The first thing they need to do is do an inventory of their data because that's ultimately what we're trying to protect here and treat. Determine what data is most valuable to them from an intellectual property perspective, and begin building security controls to protect the confidentiality, integrity, and availability of that most valuable data -- and then work it out from there.

I can't tell you how many times I've walked into organizations, and not only do they have any idea of what their data is valued at, but they don't know how old it is, and they don't know where it's gone. They have a lot of old data that serves no purpose from a revenue perspective, but it creates tremendous amount of risk for them because if somebody were to get it, it could really hurt these organizations. But they don't know that they're supposed to get rid of it, so data disposal is another area.

Before you move to the cloud, before you rearchitect your environment, you have to understand the value of your data, where it's located, how old it is and who needs to access it. It's a real mess out there. I'm not gonna say what year it happened, but I remember talking to a CIO who said that he lives in fear because he doesn't know where his data is -- and it's just a matter of time. He wakes up sweating because he's thinking one day something's gonna get out; he can't keep a handle on it… a lot of these folks feel like they're faking it.

TT: Do you think that's one of the reasons why enterprise cloud has grown in popularity -- because it's more turnkey and allows these folks who feel like they're faking it to keep on faking it?

CR: I think it allows folks who are faking it to get a better handle on their lives through simplification. If you migrate to the cloud, in a way you're kind of forced to figure out where your data is, and you get to start fresh. A large organization has a really tough time going into a board of directors meeting asking for $100 million to architect what they have in place -- but they can get $30 million to migrate to the cloud and show how it will make them more efficient and benefit the bottom line. In the process, it can clean out a lot of their old systems and data. I talked to a Fortune 100 company's CIO who said they are moving to the cloud to simplify, and anything that they can't move to the cloud they're going to let die in place; his actual words were "DNR on those old systems." I think simplification and organization is why cloud is becoming more popular.

— Joe Stanganelli, Contributing Writer, Telco Transformation