Cloud providers working on ways to prove they warrant trust

NEW YORK -- Finding a way to verify security within cloud provider networks is essential but won't be easy, a cloud security expert told attendees at the Security Standard conference.

Customers' need to know how data is protected, where it resides and whether it can be transferred to another provider if need be is at odds with providers' need to keep their security measures secret, said Vincent Campitelli, vice president of IT risk management at consulting firm McKesson Corp.

Providers simply don't have the resources to allow each customer to inspect their networks and perform periodic audits, he said. "That's an unsustainable mode."

On the horizon are new models for checking out provider networks that are just being talked about, he said, including the notion of an "uber cloud" service provider that has vetted the security, infrastructure and standards of an array of cloud providers and can attest that they comply with standards.

Those standards have yet to be formulated and would have to meet customer requirements, he said, but they may emerge from work being done by the Cloud Security Alliance.

Traditional third-party assessment of physical networks won't work in cloud environments, Campitelli said, because the assessors aren't qualified to assess cloud architectures. "They need tools and new skills," he said.

A more attainable goal is services that would allow customers to manage security configurations, audit logs and self-manage services. They would also be able to impose data leak prevention measures, perform patching of applications and execute vulnerability analysis of the services they buy, he said.

But even that wouldn't be ideal. "How do you know the tools work and do what they say they'll do?" he asked. "Providers need to have customers gain confidence in these tools."

Another speaker at the conference said that information needed to make good decisions about cloud security isn't generally available from the service providers. "Data you're likely to want is not available, and if it is available, it's not available to you," said Warren Axelrod, research director for financial services with United States Cyber Consequences Unit, a private consultancy.

The risks that customers want to know about aren't new; they're just in a new environment where it's difficult to assess them. "They're not new risks; they're a new representation of them," Axelrod said.

That poses a problem for corporate IT security professionals pressured to approve use of public cloud services because they are so much less expensive than traditional in-house infrastructure deployments. But that means losing control over data. "If you lose control, you still get the blame. That's what regulators tell you," he said. "It's tough to be responsible without having the control."

The best course is for corporate teams of IT security and legal experts to assess the downsides of data compromises and then only submit data whose value is low enough that if it is compromised, the costs are bearable, he said.
