CSO - What do CSOs and other IT security experts expect to be top-of-mind cloud security issues in 2011? Here are five things to watch for in the coming year:
Smartphone data slinging
More users will be accessing large amounts of data on the devices of their choice, says Randy Barr, CSO at Qualys Inc. and member of the Cloud Security Alliance (CSA).
"This comes with a lot of unaddressed security issues," Barr says. "We can expect new solutions to address mobile devices, but could see a large data breach to expose the issue of mobile security before we see a solution." Among the possible scenarios, Barr says, are insecure cloud-based backup and highly confidential data on mobile devices.
"There are some interesting inter-dependencies when using multiple cloud services on mobile devices, with possibly different security models and assumptions," he says. A hacked cloud provider could provide mass access to confidential mobile device data when mobile users are using cloud-based mobile device support, he says. In addition, loss or theft of mobile device could provide root-level access to cloud services and data. Mobile apps are often providing direct and automated access to cloud services and data, he says. If an admin-level person's mobile device is stolen, this could be a major threat to highly confidential data or even cloud services administered by such a person from an insecure mobile device.
MORE ABOUT CLOUD SECURITY
- 2010: Security for large-company cloud providers
- 2010: In security outsourcers we trust
- 2010: Akamai releases 'game changing' cloud-based payment service
- 2008: Cloud security strategies: Where does IDS fit in?
2. Need for better access control and identity management
"The cloud by nature is highly virtualized and highly federated, and you need an approach to establish control and manage identities across your cloud and other peoples' clouds," says Alan Boehme, senior vice president of IT strategy and architecture at financial services firm ING.
"There are some third parties that have delivered products and services that will address these issues, but they might not be adequate for large enterprises that have a mix of legacy and cloud components."
3. Ongoing compliance concerns
"I think that compliance, especially PCI, is likely to continue to be a security issue," says Andy Ellis, CSO at Akamai.
"Organizations still often need to come to grips with completely different processes that they have for managing data and apps in the cloud. And I think we will hear more rumblings about health-care data in the cloud."
4. Risk of multiple cloud tenants
Given that most cloud services make heavy use of virtualization technology, the risks associated with multiple organizations' data housed on a single physical hypervisor platform exist, and will continue to unless specific segmentation measures are enacted, says Dave Shackleford, director of security assessments and risk & compliance at Sword & Shield Enterprise Security, and a member of the faculty of research firm IANS.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Protection for Every Enterprise: How BlackBerry Security Works Get an IT-level review of BlackBerry® Security, addressing data leakage protection, certified encryption, containerization and much more.
- Future Focus: What's Coming in Enterprise Mobility Management (EMM) Find out why Enterprise Mobility Management (EMM) solutions that are truly future-ready must be designed to enable Machine-to-Machine (M2M) capabilities and much more.
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Unmasking the Differences between Consumer and Enterprise File Sync & Share The consumerization of IT combined with the rapid pace of the modern mobile workplace is forcing enterprise IT teams to evaluate file sync...
- Live Webcast Workforce Mobilization for Improved Productivity A mobility research director from Aberdeen discusses reasons for extending legacy applications to mobile devices, and an integration strategist from Attachmate shows how...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Mobile/Wireless White Papers | Webcasts