This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Clarity sought inside the cloud

Share this article:

Mobile and cloud security, along with insider threats continued to dominate concerns over the past 12 months -impacted by the increased attention resulting from the Snowden revelations and concerns about back doors - but despite these concerns, this year the cloud really did become pervasive.

Editorial: Help us keep SC at the cutting edge
Editorial: Help us keep SC at the cutting edge
With this year-end edition, one can't help but reflect on the past 12 months. With its twists, turns and both unexpected and perhaps not-so-unexpected happenings, it's been one interesting ride.

Mobile and cloud security issues continue to plague us all, while the old threat of insiders seems to be riding a new wave of attention as the Snowden/NSA debacle still clamours for attention. Cyber attacks, be they bank fraud or APTs, remain confounding to many, while regulatory compliance mandates constantly vie for the attention of the masses.

The cloud and APT figure large in this issue, and while the metaphor of a cloud for off-site data storage works well to suggest something pervasive and all-encompassing, the analogy is less appropriate for cloud security. Clearly the characteristics that make cloud computing so useful – access to data and apps from anywhere, from any device, by anyone – are the same factors that pose challenges for the CISO.

Added into the mix are NSA backdoors, though as Jes Breslaw explains (page 34), even without PRISM, governments can demand access to your servers. Breslaw emphasises that companies can take a differentiated approach to data, suggesting it is key that organisations should be able to mix and match between public, private or hybrid cloud deployments.

Certainly, the benefits of the cloud are such that the world is rapidly following US uptake. It is increasingly seen as particularly useful for disaster recovery and business continuity planning (page 24). This is especially so for SMEs, which find it more difficult to justify on-premises resources. The need to constantly update to overcome new threats remains, and in IQ (page 6) we advise on how you should assess cloud security. At Birmingham Metropolitan College (page 12) the solution is IBM's SmartCloud environment to deliver services within a seamless learning ecosystem where security was a priority in implementation.

Paul Swarbrick, former CISO at NATS, explains that there are changing demands on the role from employers (page 14). CISOs are moving from being reactive to proactive as the role transitions from operational to more management and control, and from being primarily networking specialists to understanding and advising on both technical and business security issues to reduce risk.

Moving up the risks charts is APT – advanced persistent threats – where the challenge is to get the right balance between threat protection and cost (page 20). However, the danger is real and there are actions that can be taken to reduce vulnerability, which need to be clearly explained to management.

Despite the sometimes challenging times we face, we can always look to new beginnings to bolster us. One such happy turn is the arrival of SC UK's editor-in-chief Tony Morbin. A seasoned journalist, Tony will help re-energise our various editorial products. You can find out more about him on our website and, no doubt, will get to know him as he starts reaching out to all of you.

Illena Armstrong, VP, editorial, SC Magazine

Share this article:
close

Next Article in Opinion

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in Opinion

All your vulnerabilities belong to us: The rise of the exploit

All your vulnerabilities belong to us: The rise ...

The growing impact of web exploits isn't just limited to the enterprise market and must be countered on an industry-scale, says Pedro Bustamante.

Is your organisation ready for the next generation of millennials?

Is your organisation ready for the next generation ...

A different attitude to privacy and security among many new workplace entrants is a potential risk that has to be managed says Chris Sullivan.

Why we need a tighter framework for social engineering penetration testing

Why we need a tighter framework for social ...

Protect against real-world threats and test the most likely scenarios using relevant models, including low-tech, says Gavin Watson.