July 31, 2012
The role of the government in cloud data security was under discussion at a recent conference in Las Vegas, with a panel of industry thought leaders keen to see Washington take more of a role in online security.
According to CNN, one of the panels at the Black Hat security conference questioned whether or not the federal government should set the standards in cybersecurity. Millions of people now use supposedly secure cloud computing services to pay bills, share documents or transfer data online, and with Congress currently considering legislation that will allow companies to share data with government agencies, the subject of cloud security is a hot topic.
"The government is an enormous purchasing agent in our industry. Why can't the NSA come up with a security standard that they like?" asked panel member Bruce Schneier, a security critic and author. "Let them go to the operating system companies, the database companies, the cloud providers, and say if you want the government business, you have to adhere to this."
The Cyber Intelligence Sharing and Protection Act, currently making its way through the legislature, was drafted to help government agencies deal with the threat of cyberattacks, and to ensure that there was a simple way to protect networks from malicious breaches.
However, opponents of CISPA believe that corporations have a responsibility to their users to provide online security measures that will protect data security in the cloud, with law enforcement officials there to investigate breaches as opposed to imposing draconian measures to adhere to. Some panel members disagreed with this viewpoint, claiming that it was a distrust of large internet companies that was fuelling the call for more government involvement.
Government or Google?
Jennifer Gannick, a director of civil liberties at the Stanford Law Center for Internet and Society, requested a show of hands from the audience as to who they trusted less, the government or Google, and the internet company received a large share of the vote.
"I fear Google more than I pretty much fear the government," remarked panelist Jeff Moss, who holds a position on the U.S. Homeland Security Advisory Council and is the founder of hacker convention Def Con. "Google, I'm contractually agreeing to give them all my data."
This stand-off between the private sector and the federal government is limiting the implementation of effective online security measures, with the panel agreeing that the general public could be the losers overall.
"The biggest risks right now are not the bad guys," said Schneier. "They are the good guys who are not doing enough."
-McAfee Cloud Security