Last week I wrote about the RSA Conference currently on in San Francisco and what it meant for cloud security (See: Can The RSA Conference Help Dispel Cloud Computing Security Fears? ). Today’s article is an update on what’s happening in “The City by the Bay.”
For one, cloud computing is high on the agenda at the conference, so much so that there is a Cloud Security Alliance (CSA) Summit on the schedule. I had touched on the CSA in an earlier article (See: Big 4 Auditing Firm Ernst & Young Joins Cloud Security Alliance) and there’s no doubt that they are doing important work in addressing security issues in the field.
Marc Benioff, CEO of Salesforce.com, started off the proceeding with an intriguing presentation that tried to tie social networking and enterprise software together in a cloud computing-based solution. Benioff’s SVP of Product Marketing Kraig Swensrud then outlined his company’s approach to the matter.
The session titled Cloud Computing: A Brave New World for Security and Privacy featured speakers who enumerated some issues for businesses planning to go to the cloud. Eran Freigenbaum, director of security for Google Apps, said that clouds are not more or less vulnerable than traditional IT systems. In fact, he opined, attacks by hackers are not due to increased vulnerabilities but “because that’s where the data is.”
Although Freigenbaum argued that cloud providers generally offer a higher level of security than corporate firewalls because they are developed to specifically address Internet security issues, a quick show of hands among the audience showed they needed more convincing on this count, and the majority still believed that traditional systems are more secure.
Archie Reed, chief technologist for cloud security at Hewlett-Packard Co., spoke about some of the compliance issues associated with cloud computing, citing the example of a Canadian bank’s marketing department that placed customer information on a service provider’s data center and unknowingly violated the law of the land. I had discussed such problems in Computing Without Borders – What Works, What Doesn’t ).
Tanya Forsheit, founding partner at InfoLaw Group LLP, stressed on some of the legal challenges of cloud computing. She mentioned that current laws place little responsibility on cloud computing service providers for data loss, a less than ideal situation for businesses looking to migrate to the cloud. She advised businesses to be careful in their negotiations with providers before signing on the dotted line, an issue I had written on in Cloud Computing and Wikileaks: Was Amazon’s action justified? .
By Sourya Biswas