Home > Cloud Computing, Cloud Security, Cloud Security Alliance, CloudAudit, Compliance > I’ll Say It Again: Security Is NOT the Biggest Barrier To Cloud…

I’ll Say It Again: Security Is NOT the Biggest Barrier To Cloud…

Cloud computing icon
Image via Wikipedia

Nope.

Security is not the biggest barrier to companies moving to applications, information and services delivered using cloud computing.

What is?

Compliance.

See Cloud: Security Doesn’t Matter (Or, In Cloud, Nobody Can Hear You Scream) and You Can’t Secure The Cloud…

That means what one gives up in terms of direct operational control, one must gain back in terms of visibility and transparency (sort of like www.cloudaudit.org)

Discuss.

/Hoff

Enhanced by Zemanta
  1. December 6th, 2010 at 18:20 | #1

    Here here!

  2. December 7th, 2010 at 09:14 | #2

    You make a good point given that "security" is too generic of a term these days. Company X may only be processing public information in the cloud and therefore they have no compliance barrier–on the other hand company Y may be looking to process credit card information and therefore the DSS imposed by the PCI may be a barrier to public cloud computing… although Amazon just recently announced PCI DSS 2.0 Validated Service Provider Status: http://aws.typepad.com/aws/2010/12/aws-achieves-p

  3. RoarinPenguin
    December 7th, 2010 at 20:38 | #3

    Hello Holf. While respecting at full your opinion, I partly disagree.

    You certainly make a good point about both operational control difficulty and compliance to newcoming documents such as PCI 2.0 or other standards… but we should remember that after all everything is regulated by a contract and a SLA.

    Hence IMHO it should be rather easy for the wannabe cloudified company to clearly define roles and responsibilities concerning audit and level of control the company wants to achieve.

    And I strongly believe that richness of offer we'll see soon and good old competition will make it happen.

    Another point is security. While agreeing with Matt Chiodi that security is way too generic, I recently wrote few articles on the blog of the company I work for (hence this is a sort of implicit disclaimer ;) about how you should read the contents of the article) where I talk of security of the access.

    I believe security of the access to the cloud is really one of the biggest "brakes" cloud computing is facing now… and it is a quite well defined branch of security.

    Naturally this is a perspective I've identified from wannabe cloudified company… therefore feel free to comment and express other opinions…

    References to the articles, from oldest to newest:
    http://stoneblog.stonesoft.com/2009/12/text-my-achttp://stoneblog.stonesoft.com/2010/02/enabling-chttp://stoneblog.stonesoft.com/2010/04/if-we-resthttp://stoneblog.stonesoft.com/2010/10/how-to-str
    Thanks for your attention.

  1. December 6th, 2010 at 21:26 | #1
  2. December 7th, 2010 at 09:25 | #2
  3. December 23rd, 2010 at 09:34 | #3
  4. December 27th, 2010 at 07:46 | #4
  5. January 26th, 2011 at 13:28 | #5
  6. January 30th, 2011 at 12:56 | #6