Cloud security concerns are overblown, experts say
RSA panel compares enterprise fears of cloud security to early, now eased, concerns about virtualization technology
Computerworld - SAN FRANCISCO -- Security concerns should not deter enterprises from using public cloud technologies when it makes business sense.
A panel of practitioners said at the RSA Security Conference here this week agreed that if cloud providers are vetted properly, most enterprise workloads and data can be safely migrated to cloud environments.
Any lingering questions by IT security pros about data security and privacy of cloud computing will be allayed just as concerns about virtualization were in the past, they said.
"The horse is largely out of the barn," said John Pescatore, director of research at the SANS Institute. "There is no debate about whether we are going to use the cloud," he said.
Today, though, security concerns are still the major inhibitor of cloud adoption at many large companies. The concerns are most significant among those IT executives considering a cloud migration. Those who have already made the leap appear mostly satisfied with cloud security, the panel agreed.
An Intermap survey of 250 decision makers at medium and large companies found that 40% of those who described themselves as "cloud-wary" cited security as their biggest impediment to adoption. In contrast only about 15% of "cloud-wise" respondents felt the same way.
Intermap said its analysis of the findings determined that cloud-wary companies are likely substantially overestimating the security risks substantially. This group is less concerned about the performance and cost challenges cited by companies that have moved to the cloud.
Bruce Schneier, a panelist and CTO at Co3 Systems Inc., a vendor of incident response technologies, suggested that companies first consider the level of security offered by the provider.
Cloud vendors provide different levels of security, he said. "The basic issue is, do I trust that other legal entity that has my data on their hard drive?" Schneier said.
Making that leap of faith shouldn't be too difficult for IT executives, he said. Just like they had to learn to trust hardware, software and outsourcing vendors, enterprise IT executives will one fay have to start trusting cloud vendors.
The popular perception that the cloud is inherently insecure is wrong, said Wade Baker, managing principal of research and intelligence at Verizon. "It seems to imply this relationship with the cloud is untrustworthy or higher risk."
Despite all the fears about cloud security, there are few instances where enterprise data was compromised because it was moved to the cloud, he said. In fact, a vast majority of enterprise breaches involving cloud providers, stemmed from enterprise failures and not cloud provider faults, added Pescatore.
The issue of how to deal with government requests for data in the cloud is still only being worked out, the panelists noted.
Larger cloud providers like Google and Microsoft have already taken steps to foster great transparency. Such firms are well equipped to legally to fight government requests for data access than individual companies, the panelists said.
"The cloud is not an all or nothing strategy," said Eran Feigenbaum, director of security for Google Apps. By properly classifying data and moving public and sensitive data to the cloud, companies can do a better job protecting the really critical information internally, he said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is email@example.com.
- Cloud security concerns are overblown, experts say
- Cloud computing 2014: Moving to a zero-trust security model
- Amazon hiring 'top secret' IT staff as it fights for CIA work
- Empire state ends IT empire building
- No, your data isn't secure in the cloud
- Snowden revelations may cost U.S. cloud providers billions, says study
- DHS shifting to cloud, agile development to boost homeland security
- Cloud computing's big debt to NASA
- Coke bottler picks SaaS over SAP
- Inmate data paroled from mainframe
Read more about Cloud Security in Computerworld's Cloud Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- PCI DSS Compliance in Cloud Environments This technology analysis addresses the challenges of the evolving cloud security landscape and how organizations can achieve PCI DSS compliance in cloud environments...
- System and Data Protection, Recovery and Availability This white paper describes how ARCserve works and the benefits it can provide IT environments of all sizes.
- Simplifying Data Protection, Reducing Risk of Data Loss and System Downtime This white paper outlines what IT organizations should look for in a data protection solution, including simplicity and ease of deployment, comprehensive protection,...
- Complexity Ate My Budget When it comes to data protection, having multiple point solutions is not the answer. Find out how to gain a holistic view of...
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
All Cloud Security White Papers |