Is cloud secure enough for business?

Is cloud secure enough for business?

Summary: ZDNet Australia's first Tough Talk panel discussion — Is the Cloud Secure Enough for Business? — was held on 18 May at AusCERT on the Gold Coast.

TOPICS: Cloud, Security

ZDNet Australia's first Tough Talk panel discussion — Is the Cloud Secure Enough for Business? — was held on 18 May at AusCERT on the Gold Coast.

Panellists included Longhaus and Business Aspect board member Sam Higgins, IBRS analyst James Turner, NetWitness chief security officer Eddie Schwartz, Kaspersky CEO Eugene Kaspersky, and columnist and techspert Stilgherrian. The panel was hosted by ZDNet Australia's editorial director Brian Haverty.

Stilgherrian believed that the cloud security conversation needed to be relative to what security firms already had today rather than "some ideal set-up". That is, that the cloud's security might be better than what the organisation has, but might not be perfect.

Kaspersky agreed that there was no such thing as being completely secure. "I will believe in aliens, but not security," he said.

The panellists pointed out that 90 per cent of cloud was best understood as outsourcing, and should be treated as such. The organisation moving to cloud has to either check or trust that the vendor is carrying out the correct reliability and security procedures to protect services and data, and by no means just assume that because the data is in the cloud, it doesn't have to worry.

Stilgherrian said that every information security expert he'd talked to on the subject of cloud security had emphasised how important contracts are to keep vendors accountable, while other panellists said that organisations needed to make sure that they were auditing their supplier rather than taking their marketing at face value.

"When you talk about cloud in terms of what buyers need to understand, you do need to know how it's architected, you do need to know what the identity management strategy is," Higgins said.

"I don't think we should ever let anyone say 'oh, it's cloud so we can just sort of let all of that go'."

Higgins believed that cloud vendors would eventually rely on Intel Inside-type branding, where the users wouldn't understand the ins and outs of the technology, but would trust the brand.

Topics: Cloud, Security

Suzanne Tindal

About Suzanne Tindal

Suzanne Tindal cut her teeth at as the site's telecommunications reporter, a role that saw her break some of the biggest stories associated with the National Broadband Network process. She then turned her attention to all matters in government and corporate ICT circles. Now she's taking on the whole gamut as news editor for the site.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • "I will believe in Aliens but not security" - How true. The idea of remote hosting is an accounting based solution that neither sees or addresses security as an "issue" except as a risk that may be managed through "contracts". Business entities that may fail, dishonour their contracts or be in breach are a reality. If the data is mission critical or the risk of disclosure unacceptable, manage the process internally with all the relevant multi redundancy processes and controls.
    Kryders law will match Moores law and if the business model is an any way sensible, the costs of smart, multi-disciplinary risk management are manageable.
    Frankly, the forensic, real time monitoring of any "cloud" application would be just as great a cost as the above. Then again, if you don't care about the data but actually just pretend to the market that you care, then cloud looks attractive.
    Of couse, if the data is so meaningless or of such little value that cloud is attractive, why is being retained?
    Robert Kennedy
  • This all depends on a number of aspects. Cloud security is too much of a broad term. WHat are you using cloud for? Critical data? Who is the cloud service provider? Do they follow best practice regulations? Are they ISO27001? Are they PCI DSS? Is their cloud service model mature? In my opinion every circumstance should be dealt with as an individual basis. There is no answer such as yes cloud is secure or no cloud is not secure, nothing is 100% secure anyway. My secure data may be better off in a secure cloud environment as opposed to being in my cabinet in the server room, at least they have 24/7 guards, anyway you get the picture there are pros and cons to both.

    Jafer - We list all IT Security Solutions from one place.