Cloud // Software as a Service
News
10/21/2010
12:28 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Interop: Cloud Security Remains A Sticking Point

At Interop New York, experts tackle the state of cloud computing security, and hear that IT departments want increased visibility into the capabilities of service providers.

How significant are the risks around cloud computing services? And who bears responsibility -- service provider or customer -- if something goes wrong?

At the Interop New York conference on Wednesday, a panel of cloud experts failed to reach consensus on those important questions. Their discussion, in a session titled "Is Cloud Security Risk Overstated?" underscored that key issues around cloud security and risk have yet to be resolved.

Oren Michels, CEO of Mashery, a provider of API management services that uses Amazon Web Services (AWS), said that F.U.D. -- fear, uncertainty, and doubt -- over cloud security continues to cause some companies to proceed cautiously. Despite such wariness, Michels said he was unaware of any data breaches that could be attributed to a compromised virtual server in the cloud.

Steve Riley, senior technical program manager with AWS, said that Amazon, with its multiple data centers and sophisticated redundancy capabilities, is generally able to provide a higher level of data security than many businesses can from their own data center.

However, several attendees questioned whether cloud vendors are doing enough to gain the trust of IT departments that are evaluating their services. "How transparent are you when customers come in and really want to understand how you do things?" asked one IT manager.

Amazon, for example, doesn't let customers tour its data centers to get a first hand view of its security practices, said Michels. Riley acknowledged that even he – a senior technical program manager for AWS – isn't allowed into Amazon's data centers.

"I want visibility -- clarity -- into their security" capabilities, said one attendee. Riley told the audience that Amazon's security "is better than yours." That drew a quick response from the same attendee, who was unconvinced: "I don't know that."

Panel moderator Drew Bartkiewicz, CEO of CyberRiskPartners, pointed to an escalation in the "consequences" of data breaches and said that cloud security "isn't as good as we think." He said the industry hasn't worked through the issue of "who absorbs the cost of failure" when data breaches lead to multimillion-dollar business losses. Cloud service level agreements generally don't cover a customer's financial losses, he added.

"Why do we think that litigation will not find its way into what we do?" asked Bartkiewicz, whose company offers cyber insurance through its "hedging platform."

However, the idea of insuring cloud services to protect against significant business loss drew only modest interest from attendees, who seemed more focused on avoiding mistakes in the first place.

Blade servers are coming into their own, especially as part of virtualization projects. Also in this new, all-digital InformationWeek supplement: Want really cool blades? Total liquid submersion systems deliver. Download the supplement here (registration required).

Comment  | 
Print  | 
More Insights
8 Steps to Modern Service Management
8 Steps to Modern Service Management
ITSM as we know it is dead. SaaS helped kill it, and CIOs should be thankful. Hereís what comes next.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A UBM Tech Radio episode on the changing economics of Flash storage used in data tiering -- sponsored by Dell.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.