ZDNet Australia's first Tough Talk panel discussion — Is the Cloud Secure Enough for Business? — was held on 18 May at AusCERT on the Gold Coast.
Panellists included Longhaus and Business Aspect board member Sam Higgins, IBRS analyst James Turner, NetWitness chief security officer Eddie Schwartz, Kaspersky CEO Eugene Kaspersky, and columnist and techspert Stilgherrian. The panel was hosted by ZDNet Australia's editorial director Brian Haverty.
Stilgherrian believed that the cloud security conversation needed to be relative to what security firms already had today rather than "some ideal set-up". That is, that the cloud's security might be better than what the organisation has, but might not be perfect.
Kaspersky agreed that there was no such thing as being completely secure. "I will believe in aliens, but not security," he said.
The panellists pointed out that 90 per cent of cloud was best understood as outsourcing, and should be treated as such. The organisation moving to cloud has to either check or trust that the vendor is carrying out the correct reliability and security procedures to protect services and data, and by no means just assume that because the data is in the cloud, it doesn't have to worry.
Stilgherrian said that every information security expert he'd talked to on the subject of cloud security had emphasised how important contracts are to keep vendors accountable, while other panellists said that organisations needed to make sure that they were auditing their supplier rather than taking their marketing at face value.
"When you talk about cloud in terms of what buyers need to understand, you do need to know how it's architected, you do need to know what the identity management strategy is," Higgins said.
"I don't think we should ever let anyone say 'oh, it's cloud so we can just sort of let all of that go'."
Higgins believed that cloud vendors would eventually rely on Intel Inside-type branding, where the users wouldn't understand the ins and outs of the technology, but would trust the brand.