Cloud // Software as a Service
News
10/21/2010
12:28 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
Repost This

Interop: Cloud Security Remains A Sticking Point

At Interop New York, experts tackle the state of cloud computing security, and hear that IT departments want increased visibility into the capabilities of service providers.

How significant are the risks around cloud computing services? And who bears responsibility -- service provider or customer -- if something goes wrong?

At the Interop New York conference on Wednesday, a panel of cloud experts failed to reach consensus on those important questions. Their discussion, in a session titled "Is Cloud Security Risk Overstated?" underscored that key issues around cloud security and risk have yet to be resolved.

Oren Michels, CEO of Mashery, a provider of API management services that uses Amazon Web Services (AWS), said that F.U.D. -- fear, uncertainty, and doubt -- over cloud security continues to cause some companies to proceed cautiously. Despite such wariness, Michels said he was unaware of any data breaches that could be attributed to a compromised virtual server in the cloud.

Steve Riley, senior technical program manager with AWS, said that Amazon, with its multiple data centers and sophisticated redundancy capabilities, is generally able to provide a higher level of data security than many businesses can from their own data center.

However, several attendees questioned whether cloud vendors are doing enough to gain the trust of IT departments that are evaluating their services. "How transparent are you when customers come in and really want to understand how you do things?" asked one IT manager.

Amazon, for example, doesn't let customers tour its data centers to get a first hand view of its security practices, said Michels. Riley acknowledged that even he – a senior technical program manager for AWS – isn't allowed into Amazon's data centers.

"I want visibility -- clarity -- into their security" capabilities, said one attendee. Riley told the audience that Amazon's security "is better than yours." That drew a quick response from the same attendee, who was unconvinced: "I don't know that."

Panel moderator Drew Bartkiewicz, CEO of CyberRiskPartners, pointed to an escalation in the "consequences" of data breaches and said that cloud security "isn't as good as we think." He said the industry hasn't worked through the issue of "who absorbs the cost of failure" when data breaches lead to multimillion-dollar business losses. Cloud service level agreements generally don't cover a customer's financial losses, he added.

"Why do we think that litigation will not find its way into what we do?" asked Bartkiewicz, whose company offers cyber insurance through its "hedging platform."

However, the idea of insuring cloud services to protect against significant business loss drew only modest interest from attendees, who seemed more focused on avoiding mistakes in the first place.

Blade servers are coming into their own, especially as part of virtualization projects. Also in this new, all-digital InformationWeek supplement: Want really cool blades? Total liquid submersion systems deliver. Download the supplement here (registration required).

Comment  | 
Print  | 
More Insights
The next wave in APM
The next wave in APM
Find out how to get the benefits of application monitoring while avoiding the complexity and performance headaches.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.