Menu
Cloud providers working on ways to prove they warrant trust

Cloud providers working on ways to prove they warrant trust

NEW YORK -- Finding a way to verify security within cloud provider networks is essential but won't be easy, a cloud security expert told attendees at the Security Standard conference.

Trusted Computing Group eyes cloud security framework

Customers need to know how data is protected, where it resides and whether it can be transferred to another provider if need be are at odds with providers' need to keep their security measures secret, said Vincent Campitelli, vice president of IT risk management at consulting firm McKesson Corp.

Providers simply don't have the resources to allow each customer to inspect their networks and perform periodic audits, he said. "That's an unsustainable mode."

On the horizon are new models for checking out provider networks that are just being talked about, he said, including the notion of an "uber cloud" service provider that has vetted the security, infrastructure and standards of an array of cloud providers and can attest that they comply with standards.\

Those standards have yet to be formulated and would have to meet customer requirements, he said, but they may emerge from work being done by the Cloud Security Alliance.

Traditional third-party assessment of physical networks won't work in cloud environments, Campitelli said, because the assessors aren't qualified to assess cloud architectures. "They need tools and new skills," he said.

A more attainable goal is services that would allow customers to manage security configurations, audit logs and self-manage services. They would also be able to impose data leak prevention measures, perform patching of applications and execute vulnerability analysis of the services they buy, he said.

But even that wouldn't be ideal. "How do you know the tools work and do what they say they'll do?" he asked. "Providers need to have customers gain confidence in these tools."

Another speaker at the conference said that information needed to make good decisions about cloud security isn't generally available from the service providers. "Data you're likely to want is not available, and if it is available, it's not available to you," said Warren Axelrod, research director for financial services with United States Cyber Consequences Unit, a private consultancy.

The risks that customers want to know about aren't new, they're just in a new environment where it's difficult to assess them. "They're not new risks; they're a new representation of them," Axelrod said.

That poses a problem for corporate IT security professionals pressured to approve use of public cloud services because they are so much less expensive than traditional in-house infrastructure deployments. But that means losing control over data."If you lose control, you still get the blame. That's what regulators tell you," he said. "It's tough to be responsible without having the control."

The best course is for corporate teams of IT security and legal experts to assess the downsides of data compromises and then only submit data whose value is low enough that if it is compromised, the costs are bearable, he said.

Read more about data center in Network World's Data Center section.


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags Configuration / maintenanceMcKessonsecuritycloud securityhardware systemsTrusted Computing GroupData Centercloud computinginternet

Featured

Slideshows

Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
HP re-imagines education through Auckland event launch

HP re-imagines education through Auckland event launch

HP New Zealand held an inaugural Evolve Education event at Aotea Centre in Auckland, welcoming over 70 principals, teachers and education experts to explore ways of shaping and enhancing learning using technology.

HP re-imagines education through Auckland event launch
Reseller News ICT Industry Awards 2017 - Meet the winners...

Reseller News ICT Industry Awards 2017 - Meet the winners...

Reseller News honoured the industry’s finest on a standout evening for the New Zealand channel, recognising the achievements of established and emerging partners on a memorable night in Auckland.

Reseller News ICT Industry Awards 2017 - Meet the winners...
Show Comments