Cloud Computing Security Fears
It’s no secret that fear about security, or lack of it, is the major stumbling block ahead of universal adoption of cloud computing. While many of the concerns are unfounded, some do, in fact, have bases. I have addressed these issues, and some possible solutions, in an earlier article.. In fact, I have argued that cloud computing is no less safe than current technology out there, and sometimes, safer.
At the same time, it is clear that the public in general and the IT crowd in particular, can do with more assurance on this count. There’s a chance that the RSA Conference starting from 14 February at San Francisco can come up with some definitive answers to security concerns in cloud computing.
According to a pre-show analyst conference call on 9 February attended by several conference participants, cloud computing is set to hold center stage just like last year. Analyst firm Frost & Sullivan is also set to outline the current state of the cloud computing industry in their 2011 Global Information Security Workforce Study where they have interviewed more than 1,000 information security professionals across 100 countries.
Speaking on the study, Rob Ayoub, global program director at Frost & Sullivan, said that it revealed the need for greater education on cloud computing. Citing statistics, he said that 73% of respondents said they needed new skills to deal with cloud, 90% said they required a more detailed understanding of securing this technology, while approximately 50% of respondents expressed a desire to improve their contract negotiation skills with providers.
The RSA Conference is the premier gathering of information security professionals from across the world, who get together to discuss new developments and threats, and how to address them. The jury is still out on whether this one can address the outstanding issues on cloud computing security, especially since this is the second time that the cloud is the focus of this gathering.
Although several issues have been identified last year and solutions proposed, not many have seen the light of day. In fact, it is the popular opinion that people are not more confident about cloud computing than they were a year before. However, the sessions do give cause for hope, addressing as they are some of the most important issues. Some of the sessions planned for the five-day conference are “Cloud Computing Privacy and Security: The Legal, Ethical, Regulatory Framework”, “Private and Government Sectors: Why are Agencies Hesitant to Adopt Cloud?” and “Cloud Computing: A Brave New World for Security and Privacy.”
It is my opinion that an industry gathering like the RSA Conference offers a lot of potential for taking cloud computing to the next level. One thing that I would definitely like them to address is the lack of standards in the cloud computing space, about which I have written in an earlier article.
Secondly, I believe that the industry should try to co-opt the US government in its discussions. History has shown that any technology has a better chance of success with official support. After all, even from a pure business standpoint, the government is a major client, besides being of great help in dealing with regulatory issues.
In conclusion, I believe that yes, the RSA Conference can help address cloud computing fears; to expect them to be dispelled would be asking for too much.
By Sourya Biswas
Principal Security Consultant at NCC Group
13+ years of experience in Client Engagement, Business Development, Project Management and Management Consulting in the Information Security & Risk Management and IT Strategy domains.
250+ articles on Cloud Computing, technical editor of a reputed textbook.
MBA (double major in Consulting & Business Leadership) on full scholarship from Notre Dame, Bachelor’s engineering degree in Information Technology from a top 10 engineering institute in India.
Professional certifications include the CISSP, CISM, PMP, PSM and several ITIL Intermediates.