Cloud computing could be the way to address the security skills crisis, if providers can provide the right contractual guarantees, according to industry bodies in IT security.
Cloud computing is an opportunity to improve security, especially in a world where security skills are in short supply, according to industry bodies in IT security.
“The first response to cloud computing has been ‘you can’t use that because it is insecure’, but it is an opportunity,” said John Colley, managing director EMEA of the information security non-profit organisation (ISC)2.
Organisations have different generations of security awareness amongst their staff, and moving to a cloud-based environment could allow them to “catch up” with current practice, while remaining secure, he said.
Google and other cloud providers have been criticised for not being open enough about issues such as where data is held, but this will change as services mature, said Colley, in a meeting at the RSA Conference in London.
Cloud might be a way forward for companies short of staff with security skills, who are transitioning to new ways of using IT, the meeting heard. Companies now have a younger generation of staff expecting to use web tools all the time who might over-share, while their older staff are in “catch-up” mode, and might make elementary security errors with unfamiliar tools.
Cloud services could provide a safe environment to prevent both these errors, the meeting heard.
“The business benefit is that you don’t have to be an IT shop. You can now have strong authentication, and full encryption,” said Prof. Howard A. Schmidt, President of the Information Security Forum, a member organisation for firms concerned over data security.
ISF has addressed cloud providers over concerns raised by 300 of its members, and Schmidt has been impressed by the answers given.
“The big players will have contractual agreements that meet security needs,” said Schmidt, countering fears that cloud providers are simply telling users to trust them blindly.
Earlier this year, the Jericho Forum also studied the implications of cloud security. Among other issues, providers will have to provide sufficient proof of their procedures so their customers can prove they meet legal obligations.
Peter Judge recently chaired a webinar on the subject “Are Clouds Compliant?”