Lora Bentley spoke with Matthew Gardiner, product marketing director for CA Security Management, about the company's decision to join the Cloud Security Alliance. (For more on cloud security, see Mike Vizard's post over at CTO Edge.)
Bentley: How long has the Cloud Security Alliance been around?
Gardiner: The Cloud Security Alliance is about six months old, and as the name implies, it's focused on the cloud, but specifically on the security issues and education and standards and best practices that are needed.
"... there are a lot of rational and irrational fears associated with the cloud ..."
Bentley: Who are its target members then?
Gardiner: It's a consortium; it's not a standards group, so it's trying to draw in the organizations that have a part to play. So it's security vendors and those who use the cloud as well as those who are hosting the cloud service. It's a place where we can kind of get together and address the issues.
Bentley: And CA joined because it's a major security vendor?
Gardiner: We're very focused on the identity and access management portion of security, which is an area of the cloud that I would say is somewhat underserved and misunderstood. So we hope to both understand more by joining these kinds of groups and taking part, and to contribute our expertise as far as identity and access management to the group.
Bentley: We've read before that cloud computing creates serious compliance issues. How do you respond to that?
Gardiner: Well, there are a lot of rational and irrational fears associated with the cloud, and there's some uncertainty and unknowns that are real, so that drives some of the response that you're seeing.
Specifically to compliance, however, it is quite clear that enterprises are responsible for compliance when handling the data for the services that they own; whether they outsourced the work to someone else or not is not the regulators' concern. So there's the reality that you're responsible either way, and even if the regulator allows you to outsource the work, they're still going to hold you responsible.