Speaking in a panel debate at the (ISC)2 conference that had a theme of 'Have we got the balance right – people, process and technology?', a question was asked from a delegate on whether virtualisation could cause more or fewer vulnerabilities.
James Rendell, UK technical manager, IBM ISS, claimed he was something of a cloud-sceptic and he said that people he had talked to about the cloud option saw it as more of a solution, while he though of it as a resource.
Rendell said: “It will either change things or it won't. If people store personal data on a server or in a data centre then we have some concept of where it exists but with the cloud it does not apply, you have not got a clue where it is executed.
“If it were like speeding or a parking ticket then maybe our attitudes may change, and then people may use cloud services in a different way. But if people think about privacy it is hard to predict what future generations may do, for now it may host some relatively straightforward areas such as email hosting but there is some suspicion.”
Jason Creasey, head of research at the Information Security Forum, said: “The vulnerabilities in the cloud are great in the short term, but in the long term we'll all be using it. It is a case of two versus ten years, in two years it will still be insecure but in ten years we won't even notice it. It will improve over time but could be a step towards big brother.”
Mark Logsdon, deputy head of information risk management at Barclays, asked what the concept of a cloud is, as the phrase can mean different things to different people. “But there are issues that I need clearance on. Where is the management in the cloud? There are huge issues that we need to think about and maybe the answer is not to put all your stocks into the cloud,” said Logsdon.