Perceptions and Realities of Cloud Security
A new survey suggests that access policies could use a little work.
There's a growing consensus that holds that governance, risk management and compliance (GRC) are going to be delivered more cost effectively via the cloud for all the same reasons that we are now beginning to see security services delivered via the cloud.
The only real question is how long will it take to get these types of services off the proverbial "ground"? Agiliance late last week became one of the first GRC vendors to launch a cloud computing service with the unfurling of RiskVision Cloud Risk Management Services that includes a set of controls developed by the Cloud Security Alliance.
According to Arti Raman, vice president of products and alliances, it may still take a while before customers are ready to deploy GRC as a service in the cloud. But given the compelling economics and the lack of core GRC skill sets in most organizations, it's only a matter of time.
Agiliance is delivering a set of services that can be used to secure IT environments that are running in the cloud, or be used to manage on-premise systems via the cloud, said Raman.
Most of the major GRC vendors are working towards delivering their own cloud services in 2011. The good news is that as GRC becomes more affordable and accessible, the more secure our collective IT environments should become. This is because while anti-malware and firewalls are critical security tools for dealing with external threats, there's no doubt that internal threats are more damaging.
Unfortunately, as evidenced by the recent WikiLeaks scandal, far too many IT organizations still don't have any effective GRC policies in place. But hopefully with the advent of GRC in the cloud in 2011, all things GRC will be dramatically improved by this time next year.