Infosecurity Europe: Cloud products remain a concern, as users need to consider outsourced risk factors
One of the most prominent topics of security has been discussed with concerns raised about the risk factor when it comes to cloud computing.
In a keynote presentation on risk, Paul Simmonds, global IS integrated assurance director at AstraZeneca and Jericho Forum board member, claimed that there were concerns about cloud adoption because products are now being marketed ‘with added cloud'.
Moderator Raj Samani, vice president of communications at the ISSA, began by asking the panel, which also contained co-founder and executive director of the Cloud Security Alliance Jim Reavis, if there were security concerns when it came to cloud adoption? Simmonds said: “Anything with security concerns should be kept under wraps, but with that class of data you would not be putting it into the cloud.”
Samani commented that while security is a concern, cloud products are not being classified as secure from day one. Reavis said: “People are looking to innovate and security is part of that. Does Steve Jobs lay awake at night worrying about the security of his products, or does he worry about the next million sales of his next device?
“We need to evaluate the definition of cloud, but there is private and public clouds and now infrastructure-as-a-service, and with cloud products it is your job to put security in it.”
Samani commented that businesses should use the cloud as it has huge benefits but there needs to be thought on how it is being used in a business context. “It is risk, and doing risk assessment on your data,” he said. “Just because you put it in a cloud environment, the risk still belongs to your business.”
He later asked for a show of hands from delegates on how many companies are not using the cloud, and only a few hands were raised. He then asked how many were using any form of external company, again only a few hands were raised, but when he asked how many were outsourcing, most of the audience responded.