August 13, 2012
Bringing together the requirements for top-level security in cloud computing with ease of use for the average person can be a monumentally difficult task. According to CSO online, finding common ground for security between consumer and business side functions is plausible, but a near impossibility in the cloud's current state of maturity.
This can be seen in the cloud-based services available to consumers versus those most commonly used in enterprise environments. For example, when it comes to file sharing, Dropbox and other publicly available services are wildly popular with the public at large, but are often excluded in corporate policies.
"Consumers and businesses have very different needs and tolerances to failure," enterprise security expert Andrew Plato told CSO Online. "There are not very many [cloud] apps that have made the jump from consumer to business or vice versa."
Part of the reason for the security divide may be the fact that enforcing security measures such as stronger, hacker-resistant passwords or two-factor authentication - as many enterprises might - can make a website less usable. Striking the perfect balance between usability and security for consumers and businesses is a difficult challenge, and to arrive at a point even close to that requires cooperation on all levels, from the service provider and the customer.
"The symbiotic relationship between people, process and technology and the associated controls must be in harmony to maintain secure and compliant states - period," security consultant JJ Thompson told CSO Online.
Getting everything together not only means stricter controls on cloud security, but making sure everyone involved in the process is on board. For example, in the recent hack of Wired journalist Mat Honan, the actual theft of data occurred because of employees handing out customer data without proper identification, not a breach of the cloud.
Value of trust
As the Honan incident shows, many of the security issues associated with cloud computing have little to do with the technology itself. Instead, as columnist Paul Gilster of the News and Observer wrote, it comes down to the fact that consumers are forced to put trust in the corporations managing their data. It's less about trusting cloud computing and more about trusting the cloud-based service providers.
Glister notes that many of the companies simply tout the user experience instead of explaining the challenges associated with cloud computing to their users. This, in turn, makes installing stricter controls less palatable for many customers.
-McAfee Cloud Security