Cloud Security – It’s All About Partnership

Monday, November 28, 2011

Ben Kepes

4c1c5119b03285e3f64bd83a8f9dfeec

Cloud Computing, like marriage, is an example of a situation needing ongoing work from both parties to make for success.

It was the over-arching theme of the CloudU report we published recently which took a deep look at Cloud Security.

In the report we reflected on the fact that, rather than the traditionally held view that by outsourcing IT, end users can forget about security, Cloud security is truly a two way street with both parties needing to bring something to the table.

There seems to be conflicting messages going on from vendors – the traditional vendors decrying the security issues raised by the Cloud, while the Cloud vendors seek to ignore the security issues that Cloud does indeed raise.

It was interesting then, given the conflicting messages, to read a blog post recently. In the post, Jon Oltsik tells of presenting at a Cloud conference in Washington DC and having the overwhelming feeling that Cloud security concerns are real, this despite the contrasting view of former Federal CIO Vivek Kundra who perceives that:

a lot of people are sort of driving this notion of fear around (Cloud) security, and the reason I think that’s been amplified, frankly, is because it preserves the status quo.

Oltsik reflects on recent research that suggests that 43% of respondents in one particular survey rated “data security and privacy concerns” as their top issue when it comes to Cloud Computing.

This perception isn’t helped any by well-meaning, but ultimately unhelpful comments on the risks involved in Cloud Computing. A good example of this popped up recently with an emotive article titled “Cloud’s Shady Side”.

The article talked about a new initiative being discussed in new Zealand that would see a Cloud code of practice developed to help protect customers.

In the article mention was made of the security risks of Cloud Computing, especially to small and mid sized businesses who might put “all the business data and personal information of clients in a Cloud without having good controls or knowing where it was”.

What the article fails to mention is the fact that the biggest security risk to small and mid sized businesses comes not from outside parties looking to steal or nefariously use their data, rather it comes from insidious risks such as:

  • rogue employees looking to cause damage to the organization
  • losses from the failure of poorly maintained systems

Yes, Cloud Computing, like any system that relies on more than information stored in one person’s memory, has security risks. But these risks are both manageable, and relatively low compared to the alternative.

Cloud users need to understand what they need to do to keep themselves safe in the Cloud, but understanding and planning for the risks is different from putting Cloud in the “too hard” basket.

Cloud security is a two way street – both vendors and customers have a part to play in keeping it safe but, notwithstanding this fact, Cloud is still the best option for a number of SMB use cases.

This series of posts are companion pieces to the CloudU series of educational material. We’d love you to join in some of our webinars or read the whitepapers the CloudU homepage is – here – and you can register to have updates sent to your inbox (in a non-spammy way of course!) there.

Cross-posted from Diversity

Possibly Related Articles:
5128
Cloud Security
Service Provider
Cloud Security Small Business Outsourcing Vendor Management Managed Services SMB CloudU
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.