Cloud Security: Danger (and Opportunity) Ahead
What you do not see is that the provider accepts any responsibility or duty to inform the data owner, you, of any breach, notify you of any attempt, nor responds to any incident. The agreements are worded such that the customers' of Cloud computing bear all responsibility for such risks. It therefore appears that any law requiring breach notification, and any regulation or requirement, such as PCI, cannot be complied with.
Since the concern above is present, and understanding the incredible potential of cloud computing to improve the performance of IT foundation and infrastructure, we must find a solution, or a set of solutions, to standardize and address security concerns communicating to the cloud, within the cloud, and to data elements which reside therein.
In the next article, I will discuss the requirements for such solutions, and will include the excellent proposals brought forth from the Jericho Group and from the . I will also issue a "call to action" for these and other organizations to address the issue of cloud security before the technology become either unmanageable or, conversely, be seen as too risk-laden for corporations to use.
Ariel Silverstone is a veteran of the Israeli Defense Forces with experience in physical and information security and regularly contributes to information technology certification exams and to newspapers, magazines and electronic publications while working on a Radio show. He holds both the CISSP (for security) and the CBCP (for business continuity planning) certifications, as well as many others. During his IT and management consulting career, he focused on providing IT strategy, engineering, and assimilation solutions for a portfolio of primarily Fortune 500 clients, including USAA, Chase Manhattan, Citibank, GTE, General Motors, Ford Motor Company, Vanguard Funds and others. He specializes in companies in the financial services, transportation, medical services and high-tech industries. He has also been a director at Symantec Corp. and CISO for Temple University and for Bell Canada's Teleglobe.