Perceptions and Realities of Cloud Security
A new survey suggests that access policies could use a little work.
There's a temptation when it comes to security in the cloud to limit the conversation to firewalls and the security paraphernalia that gets deployed at the edge of the network. But in reality, the conversation about security in the cloud needs to go much deeper than that.
When it comes to cloud security what customers are concerned about most is the security of their data. They want to know that employees working for the cloud services provider are not accessing sensitive data in violation of any number of compliance requirements. And they want to know that no other company that is accessing shared IT infrastructure can see their information.
To help move the cloud security providers further along in their understanding of these issues, the Cloud Security Alliance (CSA) has come up with a stack of free governance, risk management and compliance (GRC) tools that cloud service providers or their customers can download here.
According to CSA executive director Jim Reavis, the organization wants to first make sure that the cost of GRC tools is not a limiting factor when it comes to cloud security. The CSA clearly recognizes that data security is a major customer issue when it comes to the cloud.
But longer term, Reavis says GRC issues in the cloud don't stop at the edge of the cloud computing service provider's network. In the near future, GRC will itself become a cloud computing service that encompasses the applications and systems running in the cloud and on premise.
Reavis says the tools that CSA is providing are not meant to be the ultimate GRC solution. But the CSA does want to set some minimum guidelines for assessing data security in the cloud.