09
Dec

Cloud Security Alliance Survey Highlights Trust Issues in the Cloud

Posted by Michael Vizard
Michael Vizard
Mike has more than 25 years of experience covering IT issues in a career that in
User is currently offline
in Cloud Security


There’s a lot debate these days concerning the merits of cloud computing.

Some folks argue that cloud computing is inherently more secure because the resources are centralized and the collective expertise of those managing cloud security is far greater than what the average IT organization can avail itself to.

survey-270Others, however, believe there is no such thing as absolute security, and the centralization of IT assets just creates a larger target for hackers.

A new survey of 45 cloud computing service providers sponsored by Trend Micro and conducted by the Cloud Security Alliance (CSA) finds the truth, not surprisingly, is somewhere in the middle. Although the vast majority of the cloud service providers (CSPs) provide end-to-end encryption capabilities, only about two-thirds give customers any ability to audit security controls. And when it comes to data governance practices, the survey makes it clear there is still a lot of work to be done.

Fingerlink-Cloud Security

Jim Reavis, executive director for CSA, says the survey shows cloud security in general is better than many people seem to think. The real question is whether cloud security has simply become a red herring issue for those who fear cloud computing because of issues that have nothing to do with security, or those who simply don’t have any faith in the security practices of the CSPs.

  • Slide01
  • Slide02
  • Slide03
  • Slide04
  • Slide05
  • Slide06
  • Slide07
  • Slide08
  • Slide09
  • Slide10
  • Slide11
  • Slide12
  • Slide13
  • Slide14
  • Slide15
  • Slide16
  • Slide17
  • Slide18

In either case, Reavis says the issue of cloud security won't be put to bed until CSPs provide more transparency into their security controls. And many customers won't trust CSP security until formal cloud security certifications exist. In the meantime, CSA has put created some voluntary guidelines for CSPs to follow, but a CSP claiming to adhere to those guidelines is not nearly the same thing as passing a third-party audit.

No matter whether it’s a matter of perception or reality, security is clearly the single-biggest issue holding back the adoption of cloud computing. The challenge going forward, Reavis says, is finding ways to establish verifiable trust in CSP security.

Tags: audit, cloud computing, cloud security, Cloud Security Alliance, cloud service provider, CSA, CSP, encryption, security controls, Trend Micro

Comments

No comments made yet. Be the first to submit a comment

Leave your comment

Guest
Guest Saturday, 19 May 2012