Data security in the cloud needs to be standardized

27 septembre 2012

Businesses are still sitting on the fence when it comes to adopting the cloud because the security standards vary between providers, one industry thought leader noted.

Speaking at the recent V3 Security Summit, Nathaniel Borenstein, a chief scientist at Mimecast, stated that the issue of data security in cloud computing had not been resolved, and that a failure to impose security standards across the virtual infrastructure was forcing some businesses to think twice about the cloud. Borenstein felt that companies had no idea which service providers could be trusted, citing a lack of independent evaluators that can advise nervous adopters of the right path to take toward secure data protection, despite the introduction of ISO 27001.

Equality in the cloud
"All clouds are not created equally," said Borenstein in his keynote speech at the summit. "The decision about who to trust is absolutely critical. What businesses are worried about is how to get the right cloud security. They can talk to other customers and exchange references, but this is not entirely satisfactory."

Research carried out by Mimecast showed that cloud service providers are struggling to prove how trustworthy and secure their clouds can be. The company surveyed over 700 IT professionals and business executives, with 45 percent of respondents admitting that they have concerns over data security in the cloud. The continuing debate between virtual storage and on-premises facilities was also a factor, with 70 percent of those surveyed believing that data is more secure in an onsite IT model rather than in the cloud, with 9 percent revealing that the lack of security standards was preventing them from using a cloud-service provider.

Switching service providers
Borenstein, who is credited with sending the first ever email attachment in 1992, also feels that companies are concerned about what happens to their data when a contract with the service-provider ends, especially if they are moving to another provider. He acknowledged that Google might be on the right track with its Data Liberation Front, an engineering team that makes it easier for a user to move data in and out of specific products.

"Reputable cloud providers will tell you about their data portability policy when you join," he said. "They will aim to make the leaving process so positive that maybe you will decide to come back. Sometimes, different cloud providers can interact with each other in different ways. How well they play together is not something uniform among most providers."

-McAfee Cloud Security