• Home
• About
• RSS
• Get in touch

Securing The Cloud

The ‘Cloud’, it seems to be the buzzword for 2009 with everybody looking to offer services in the cloud to enable you to do more for less. But… there are a couple of things that really need to be sorted out before we all rush off and put everything we own out there in the cloud.

The first is availability, does your cloud service offer appropriate availability – if it stops, will your business also stop? We know that Service Level Agreements are there to make lawyers rich, if email is down or your web store is down then you won’t have access to your customers and neither will they have access to you – but this has always been the case. So… before rushing to put business critical processes in the cloud, check on availability, and while you are there see how easy it would be to move from one cloud service provider to another… just in case…

The second and more importantly is security. Business in the cloud will be different, your sensitive and/or confidential data will potentially be handled by more people and therefore introduce more risk. If not secured your data could go missing and cause a data leak incident, or perhaps it could be sold to your competitors by the service administrator. Business in the cloud can be quick, perhaps ‘renting’ a service for only a few hours to process some data, or maybe using a service for many years, the point is that the cloud provides greater flexibility – but it needs your data to run. But what about the data – will it be properly secured, will it be looked after in the same way that you would look after it? The answer is… probably not, and that’s where The Jericho Forum comes in.

This week Jericho has announced its latest version of the Collaborative Open Architecture materials – which has been expanded to include many more detailed white papers and it also announced its next phase – securing the cloud. I have worked with the Jericho Forum for a few years now and it is a unique forum in that it has customers, IT vendors and systems integrators all meeting together regularly – hashing out the security problems that arise in the new ways of working and then collaborating on solutions. From my perspective its amazing to see how far some of the customers want to push the bounds of new work processes with cloud computing top of the list. That’s what makes it exciting. I’m quite sure that the majority of companies today would look at some of this and say “wow, that’s way too complex for me” or “no, it seems like something specific to such-and-such industry” or “we’re way too small to consider that”… but the truth is that we will all move towards it in 3-5 years, this is the bleeding edge of business today, which means it will be the defacto standard way of doing things tomorrow. Just look at how Internet shopping has evolved or the way most companies handle CRM today.

Security in the cloud and in collaboration architectures has yet to be solved in a rigorous manner and without it the new business processes will never succeed – so even if you don’t think this is of interest yet – but you think ‘the cloud’ is for you – then take a look, it will provide you with some thought provoking questions you can ask your cloud or any other service providers.

comments

• Connect with us



• Get Email Updates

• Recently Posts

  • Spam is decreasing. Is it the beginning of the end for e-mail?
  • Taming the tablet
  • Free Wifi: Why do we trust it?
  • The true cost of a data breach (Part Two)
  • The true cost of a data breach
  • The Ultimate Combination – Information Protection with Visibility and Audit
  • Gaining Access Control
  • O3 –Control in the cloud
  • Mobile adoption has reached the tipping point, but businesses accept it’s time for a security reality check
  • The internet explodes with gTLDs

• Pages

  • announcements
  • Application
  • Availability
  • backup
  • botnet
  • Cloud computing
  • Complexity
  • Compliance
  • Consumerization
  • cyber-crime
  • data centre
  • data-loss
  • Denial of service
  • disaster recovery
  • Education
  • Green IT
  • impersonation
  • Information Policy
  • Insider
  • IT equipment
  • Miscellaneous
  • misleading applications
  • Patching
  • Phishing
  • Regulation
  • Reputation
  • SaaS
  • security
  • small business
  • Social Media
  • Spam
  • Speaking
  • Storage
  • trojan
  • Uncategorized
  • Virtualization
  • Virus

• Blogroll

  • Ask Marian Consumer Security Blog
  • Bruce Schneier’s Blog
  • Con Mallon’s Symantec Consumer Blog
  • Gareth’s BE Blog
  • Get Safe Online (The Blog)
  • Gizmodo Gadget Blog
  • Jonathan Schwartz’s Blog
  • Phil Windley’s Technometria
  • Security Bloggers Network
  • Symantec French contributor - A blog from the French pen of Laurent Heslault
  • Symantec Guide to Scary Internet Stuff – Botnets
  • Symantec Guide to Scary Internet Stuff – Drive-by downloads - Video explaining the latest security threats in simple terms, on drive-by downloads
  • Symantec Guide to Scary Internet Stuff – No 5 Rogue AV
  • Symantec Guide to Scary Internet Stuff – No 6 Denial of Service Attacks
  • Symantec Guide to Scary Internet Stuff – No7 Pests on your PC
  • Symantec Guide to Scary Internet Stuff – No8 Losing your Data
  • Symantec Guide to Scary Internet Stuff – Phishing
  • Symantec Guide to Scary Internet Stuff – Underground Economy
  • Symantec podcast channel - A channel of podcasts on current security and availability topics from the experts at Symantec
  • Toby Stevens’ Data Trust Blog