Information security poses a major challenge to the widespread adoption of cloud computing, yet the Cloud Security Alliance, an association of cloud stakeholders, sees the cloud as a provider of information security services.
Before entering a contract with a cloud computing vendor, it pays to do your homework on key privacy and security issues, three experts advise. They suggest demanding transparency into the details of all cloud operations.
Organizations entering into a contract with a cloud computing vendor need to have a clear understanding of how the vendor operates before signing off on their services, says Chris Witt of Wake Technology Services Inc.
Organizations eager to take advantage of cloud computing need to take a step back and consider many critical privacy and security issues, says Feisal Nanji, executive director at the security consulting firm Techumen.
"The more that you could focus in on computer science topics, to understand programming, network-based technology and mobile-based technology, the better off you're going to be," says Rob Lee of SANS Institute.
The Department of Veterans Affairs is seeking advice from cloud computing vendors on the feasibility of using commercial software-as-a-service collaborative tools that eventually could meet the needs of all of its 134,000 medical personnel.
ISACA's Marc Vael says differences in cloud computing environments and cloud providers can pose security risks. But well thought-out contracts and risk-management plans can fill potential security gaps and ensure business continuity during outages and disasters.
Before entering a contract with a cloud computing company, organizations should consider three critical issues, says Feisal Nanji, executive director at the security consulting firm Techumen.
The General Services Administration expects the cloud-based system will reduce e-mail operation costs by 50 percent and save more than $15.2 million over the next five years.
Performing digital forensics in the cloud isn't necessarily a new discipline, says Rob Lee of SANS Institute. But the task definitely requires a whole new mindset and some new skills from investigators.
Social media, mobility and cloud computing are new areas of risk for organizations, and risk managers need to go back to the fundamentals of understanding the information they are protecting, says Robert Stroud, ISACA's international vice president.
Emerging technology is often touted for enhancing security. But if not properly deployed and integrated, these technologies can hinder rather than improve security.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.