I am out at the Symantec Visions Conference in Las Vegas this week. Lots of great panels with Symantec execs and many of their partners. I caught a good one today on Cloud. Francis de Souza, Senior Vice President Enterprise Security Group at Symantec said something that I had never thought about before.
De Souza said that one of the issues around securitybeing an inhibitor to cloud adoption is that people want their cloud security to be better than the security they currently have in place on premises. Think about that, the security they have now is not good enough. If they are going to move to the cloud, they want the security there to be better than that.
So there is a higher bar for cloud security than on premises security. Once you wrap your head around that, there is a lot that flows from it. First of all if that bar should be met, wouldn’t that make security an enabler of cloud adoption? If the security is better in the cloud than on premises, it should be an enabler and reason to move to the cloud.
Of course the issue is that if we can’t reach acceptable security on premises, how are we supposed to have better security in the cloud? This goes to something I have written about before here on SCR. Cloud providers because of their economies of scale are in a much better position to put the resources necessary into the cloud security issue.
Just because they are in a better position though doesn’t mean they will do so. Marcia Savage on SearchCloudSecurity.com recently had an article on a study by the Ponemon Institute and CA that said, “cloud service providers don’t view security as a priority, spending little on it and shifting the responsibility to their customers..”
If you are going to believe that survey the only logical answer is that their customers have not demanded that cloud providers take security seriously. More importantly it seems to go against the data that Symantec has.
So what is the answer? Do we need to raise the bar for security in the cloud and make security an enabler of the move to the cloud or do customers not really care about cloud security enough to make their cloud provider take it seriously?
- Cloud Vendors Punt Security To Users (informationweek.com)
- Live Blog from Symantec: Mobile Security and the Cloud Backup Question (readwriteweb.com)
- On the CA/Ponemon Security of Cloud Computing Providers Study… (rationalsurvivability.com)
- Cloud Computing Providers: Clueless About Security? (pcworld.com)
- The Top 5 Security Risks of Cloud Computing (blogs.cisco.com)
- Secure Cloud Review Wants You (securecloudreview.com)