Bill Brenner and CSO Online in partnership with CIO Magazine and PriceWaterhouseCoopers have published their Eighth Annual Global Information Security Survey . One of the findings of the survey as reported on by Brenner is that many companies while seeing the benefits of the cloud are hesitant to move to the cloud because of security. Bill actually spoke to 3 or 4 CIO/CISO’s about this and has some interesting reports.
While this type of finding is not new by any means, I am surprised that we are not yet seeing some of this FUD dying down. One information security officer besides worrying about the reliability of Cloud networks (I am not sure I agree that they are less reliable then most LANs), worries about who cloud providers are hiring. That doesn’t seem like a immovable rock of a problem. Should be pretty easy to find out what kind of background checks and access your cloud provider performs. Of course there was the recent case with Google, but for the most part, I just don’t see this as anything more than the red herring it is. Sounds like a case of the people who like to say “no” to me.
Another person interviewed did have an interesting twist. He was a CSO in a large financial company. His comment was that until the Security and Exchange Commission ruled on what type of data could be stored in the cloud and what the reporting requirements were, he was hesitant to put anything there. Until he can get some answers I don’t think you can blame him. To me this is a case of where the law and regulations have to catch up to the technology. In such a regulated industry as finance, that view is perfectly logical and justified. It may take some time to catch up, it often does.
The third person in Bill’s article was more typical of what we see a lot of with the cloud security bogeyman”. He was with the USTA. While they do not use the cloud for any of the thousands of transactions they perform with tickets to events and stuff, he has no problem putting the USTA’s back end office, including financial into the cloud. I am not sure which pieces of the transaction puzzle he thinks are not secure in the cloud, while he does think it is secure to keep such data as their financials.
With all of this though, here is the thing. Cloud security concerns are sometimes valid and sometimes exaggerated. But what we seem to never hear from are people who have put their trust in the cloud and have lived to regret it. If any of you are out there reading this, please comment and let us know your experience.
Related articles by Zemanta
- Business partners a growing security concern (infoworld.com)
- To Cloud or Not to Cloud? That is the Question. (backupify.com)
- The Security-Compliance Divide That Can Threaten Your Business (forbes.com)
- Cloud Vendors Push US Congress For More Data Protection (cloudave.com)
- Security and Compliance in the Cloud (blogs.splunk.com)