know what assurances there are that data is being used for its stated purpose. Questions also arise about jurisdiction; whose laws apply to the data in the cloud, and consequently, what protections apply. “We focus more on the privacy side of the equation,” added Carter, explaining his concern is about identity protection. Microsoft’s Akif, however,
thinks the
cloud is more inherently secure than a company’s own data centre in a large ma- jority of cases. Microsoft’s facility, for ex- ample, complies with multiple security
were getting from your service provider be- fore – it could be better than what some mom and pop shops can do. The discussion then travelled to the issue of whether more corporate execu- tives are getting involved in security dis- cussions. Weigelt is seeing a lot more interest, and hearing more questions asked because, he said, “[Cloud com- puting] is an economic enabler.” However, O’Higgins added, because cloud is so easy to enable, a lot of depart- ments are surreptitiously implementing it
Warren Shiau is a respected tech- nology analyst and research consultant with sector expertise in software, hard- ware and communications. His wide- ranging experience in IT research and analysis includes positions at The Re- search Board division of Gartner in New York, and IDC where he was the lead Canadian-market software ana- lyst. At The Strategic Counsel, he is re- sponsible for IT market research, including market analysis and fore- casting, ad-hoc client inquiries, white papers and position statements, syndi- cated and custom market studies, and competitive analysis.
and privacy standards because, said Akif, “The cloud has to satisfy all. Just because your data is stored in the cloud doesn’t mean it’s insecure.”
On the other hand, he noted, “I do think there is more to be done,” adding, we need independent bodies to certify the security of the cloud. Weigelt
chimed in by saying
“I THINK CLOUD COMPUTING HELPS AN ORGANIZATION. A COMPONENT OF COMPLIANCE IS BEING OUTSOURCED TO THE
the
biggest challenge for the C-level execu- tive is in understanding the cloud. The term is used in many different ways, and they need to know where on the con- tinuum the clouds they’re dealing with fall. “I believe more work can be done to inform and educate people about what’s out there.”
“The question is,” O’Higgins asked, “is
it more secure than what you were doing before?” Answer: it depends on what you
WWW.SECURITYMATTERSMAG.COM
ORGANIZATION HOSTING INFRASTRUCTURE. MOST ORGANIZATIONS SEE THAT AS A POSITIVE.”
— Mohammad Akif
without IT intervention. “We have a lot of disasters beginning to happen.” Akif agreed. “There are critical applica- tions running on a pizza box under a desk.
CIOs are concerned that business units are doing things without using IT, and by- passing the checks and balances.” There’s a national security angle here as well, he went on, with government de- partments putting information in the cloud. But just because data is sensitive, it doesn’t mean it can’t be outsourced; you have to make sure the cloud provider is complying with the appro- priate policies. Some of the top threats to cloud com- puting and their mitigation were touched on next. Shiau said that it comes down to strength of internal controls. “You have to ask the classic questions: who has access to the data and what is it used for.” Akif added that companies have to ask
about the additional challenges from cloud computing – how do you ensure that the data won’t get out of the environment, and if it does, how would you find out, what safeguards are in place, and how do you hold people accountable?
MAY/JUNE 2010 • SECURITY MATTERS 19
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42