Interop: Cloud services take a beating in debate over security

Cloud services are not secure enough for businesses to use, or at least that was the conclusion drawn by attendees of an Interop debate, although all of the participants acknowledged the real answer was more subtle.

Under the rules of the Oxford-style debate, the side that swayed more audience members to its position won, and in this case eight who initially said they thought clouds were secure changed their minds after hearing the arguments.

BACKGROUND: Road map to the public cloud 

Allen Allison, the CSO of cloud provider Navisite, not surprisingly took the side that the cloud is secure. His argument was that security on par with what a business can provide itself is a necessity if providers want to survive. "Cloud providers have to incorporate the same type of security," he says. "If we couldn't do that, we couldn't have a cloud industry."

Also arguing for the safety of the cloud was Frank Kenney, vice president of global strategy for IPswitch FT, a managed file-transfer service. Cloud customers have the obligation to assess the risk of allowing data to be stored in a cloud based on how valuable it is to the customers. "Think of the business ramifications for your business if you believe there may be a problem," he says. "The cloud is as secure as you want it to be."

Hot products at Interop

Ravi Rajogopal, vice president of cloud strategy for CA, cited the growing number of records compromised by data breaches over the past six years as a demonstration that risk is just too high to trust data to a provider.

Also speaking against clouds being secure was a John Pironti, president of IPArchitects security consultancy, who says customers can't get enough information out of cloud providers to make informed decisions about risk. "Clouds won't give you transparency," he says. "You don't get to see the controls."

He says 90% of breaches that disrupt businesses involve insiders, and that should be extrapolated to cloud providers. "If the cloud's so secure, why can't we verify?" he says.

Cloud services also expand risk to a customer's data, he says. If someone is angry with another customer who uses the same service and attacks the network to get at that one customer, all the customers are taken down as a result, Pironti says.

Kenney says cloud services can provide value if performance and service-level agreements align with what customers need. If not, customers shouldn't buy them. "It's not 'the sky is falling,'" he says. "Assign risks appropriately. Security is just one of many things you have to do."

Interop history quiz

Pironti says that criminals seeking to break into clouds laugh at Cloud Security Alliance recommendations about security and at payment card industry standards to protect credit card data. Shared management of customer accounts is the only type of transparency that providers offer, and it isn't enough, he says.

But Kenny argues that the benefits of using cloud services and market forces driving sound security will win customers over. Security will no longer be a worry. "In a year, you won't care," he says. "It's a free market system. Everything seeks its own level."

Read more about data center in Network World's Data Center section.

Join the CSO newsletter!

Error: Please check your email address.

Tags Configuration / maintenancehardware systemscloud computinginternetData Center

More about Amazon Web ServicesCA TechnologiesGartnerInterop

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tim Greene

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place