Menu
Cloud providers working on ways to prove they warrant trust

Cloud providers working on ways to prove they warrant trust

NEW YORK -- Finding a way to verify security within cloud provider networks is essential but won't be easy, a cloud security expert told attendees at the Security Standard conference.

Trusted Computing Group eyes cloud security framework

Customers need to know how data is protected, where it resides and whether it can be transferred to another provider if need be are at odds with providers' need to keep their security measures secret, said Vincent Campitelli, vice president of IT risk management at consulting firm McKesson Corp.

Providers simply don't have the resources to allow each customer to inspect their networks and perform periodic audits, he said. "That's an unsustainable mode."

On the horizon are new models for checking out provider networks that are just being talked about, he said, including the notion of an "uber cloud" service provider that has vetted the security, infrastructure and standards of an array of cloud providers and can attest that they comply with standards.\

Those standards have yet to be formulated and would have to meet customer requirements, he said, but they may emerge from work being done by the Cloud Security Alliance.

Traditional third-party assessment of physical networks won't work in cloud environments, Campitelli said, because the assessors aren't qualified to assess cloud architectures. "They need tools and new skills," he said.

A more attainable goal is services that would allow customers to manage security configurations, audit logs and self-manage services. They would also be able to impose data leak prevention measures, perform patching of applications and execute vulnerability analysis of the services they buy, he said.

But even that wouldn't be ideal. "How do you know the tools work and do what they say they'll do?" he asked. "Providers need to have customers gain confidence in these tools."

Another speaker at the conference said that information needed to make good decisions about cloud security isn't generally available from the service providers. "Data you're likely to want is not available, and if it is available, it's not available to you," said Warren Axelrod, research director for financial services with United States Cyber Consequences Unit, a private consultancy.

The risks that customers want to know about aren't new, they're just in a new environment where it's difficult to assess them. "They're not new risks; they're a new representation of them," Axelrod said.

That poses a problem for corporate IT security professionals pressured to approve use of public cloud services because they are so much less expensive than traditional in-house infrastructure deployments. But that means losing control over data."If you lose control, you still get the blame. That's what regulators tell you," he said. "It's tough to be responsible without having the control."

The best course is for corporate teams of IT security and legal experts to assess the downsides of data compromises and then only submit data whose value is low enough that if it is compromised, the costs are bearable, he said.

Read more about data center in Network World's Data Center section.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securitycloud securitycloud computinginternetData Centerhardware systemsConfiguration / maintenanceMcKessonTrusted Computing Group

Featured

Slideshows

Ingram Micro maintains Showcase 2018 momentum in Wellington

Ingram Micro maintains Showcase 2018 momentum in Wellington

Ingram Micro maintained Showcase 2018 momentum in Wellington, hosting more than 40 vendors at TSB Arena. Under the banner of Leading the Way, the event demonstrated what’s new, what’s next and how it can be used to improve business and everyday life.

Ingram Micro maintains Showcase 2018 momentum in Wellington
Ingram Micro launches Showcase 2018 in Christchurch

Ingram Micro launches Showcase 2018 in Christchurch

Ingram Micro kickstarted Showcase 2018 in Christchurch, hosting more than 40 vendors at Horncastle Arena. Under the banner of Leading the Way, the event demonstrated what’s new, what’s next and how it can be used to improve business and everyday life.

Ingram Micro launches Showcase 2018 in Christchurch
Data breach notification laws in NZ: How can partners prepare?

Data breach notification laws in NZ: How can partners prepare?

This exclusive Reseller News Roundtable outlined the responsibilities facing security partners today, assessing risk while evaluating the role of the vendor in providing added layers of protection.

Data breach notification laws in NZ: How can partners prepare?
Show Comments