Security will be used by cloud providers as a demonstrator of their capabilities.
Last week Gartner Research vice president Mark Nicolett claimed that monitoring internal and external interception inside outsourced applications is a major challenge when it comes to outsourcing applications.
He said that security managers need to make sure that they are part of the decision for monitoring requirements and they ‘need to get the cloud application provider to generate the audit trail that you require'.
Commenting, Ed Macnair, CEO of Overtis, agreed that this can pose problems. He said: “There is no getting away from the fact that systems administrators at cloud service providers hold the keys to a lot of valuable information. Unless their activity can be adequately managed, monitored and audited, then end-user organisations simply cannot guarantee that their data is protected against insider threats.
“Privileged access management is only one part of the issue, there is a fundamental lack of monitoring and alerting offered by cloud service providers. We would urge companies to seek third party providers who are able to monitor all user activity and who can provide the audit logs to prove that capability.”
Rob Rachwald, director of security strategy at Imperva, told SC Magazine that the interesting thing with the cloud is that users agree so much upfront. He said: “It is something that you need to negotiate and I expect over time certain service providers will step up as they want government and banks as customers and will change.
“We will start to see cloud providers set themselves apart with security, to show how secure they are and how they use secure tools and use better security, use this as a feature.”