This page contains a Flash digital edition of a book.
“YOU HAVE TO UNDERSTAND THE DATA, UNDERSTAND YOUR BUSINESS WELL, AND UNDERSTAND THE EXPECTATIONS OF THE COMMUNITY. THE DEFENCE IN DEPTH PRINCIPLE STILL APPLIES. CUSTOMERS HAVE TO REMAIN VIGILANT.”

— John Weigelt, Microsoft Canada

at scale,” he said. “There needs to be a consistent way to deal with it.” There also needs to be work on ways to move data from one cloud to another.

And, said Akif, from a consumer and

small organization standpoint, there needs to be a way to detect if a provider adheres to data protection standards. Educating consumers was the next topic

of discussion, and Weigelt said that the fed- eral

privacy commissioner has begun

public consultations on all things cloud. For Carter, it is all about privacy. “We’re pushing all organizations to demonstrate how they are building privacy into applications. We’re trying to create an environment where privacy and security are a competitive advantage.” He is is- suing a challenge to businesses to come up with ideas to protect privacy. If an individual accesses data from a

business, said Akif, that customer holds the business responsible for information security. He thinks the same model will propagate into cloud; businesses will be held accountable for customer data stored in the cloud.

To assist in raising security awareness,

Microsoft reaches out to the community in multiple ways, with public outreach on being safe online, events in schools and online. It also reaches out to businesses with events, such as Hack & Defend. It also has a legal team responsible for en- quiries from law enforcement agencies worldwide because, said Akif, “We do feel the accountability part is critical.” The panel then offered advice to both businesses and individuals exploring the potential of the cloud: • Carter: Perform due diligence, measure the risks, minimize the amount of per- sonal information exposed, provide for appropriate remedies.

• Weigelt: Set the appropriate tone from the top. Put a framework in place that recognizes risks, but also lets users dabble so you don’t have surreptitious cloud connections under a desk.

• Akif: Make informed choices, under- stand the extent of

the services, the

risks involved, and develop mitigation strategies. The cloud is here to stay, and you will need to embrace it. You’re

Brian O’Higgins, president of Brian O’Higgins and Associates, is an execu- tive with more than 20 years experi- ence as a leader in security technology development for enterprise and gov- ernment customers. He is a co- founder of Entrust and co-founder and former chief technology officer of Third Brigade, a provider of security products for physical and virtualized servers that was acquired by Trend Micro in 2009. In 2008, he was appointed as a dele- gate to contribute to the Global Cyber- security Agenda of the International Telecommunications Union. He is also a founding author and contributor to the Cloud Security Alliance.

much better off preparing for it with clear strategies.

• Shiau: For an internal cloud, apply whatever policies you have in place. For an external cloud, the Service Level Agreement

is important. Look at the

kind of data you’re dealing with and where that should be. You need to de- termine what you will do with different data sets. And lay out the immediate benefits of the cloud, and what future benefits to expect. After this thorough discussion, it is safe

to say that cloud computing represents a paradigm shift in how companies de- velop, maintain and use their IT infra- structure. It is also safe to say that no company should venture into the cloud without performing its due diligence on the service provider it ultimately decides on. All this will go a long way in ensuring corporate data, wherever it resides, is safe and secure.

Lynn Greiner is a freelance writer in Newmarket, Ont.

WWW.SECURITYMATTERSMAG.COM

MAY/JUNE 2010 • SECURITY MATTERS 21 Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42
Produced with Yudu - www.yudu.com