Cloud adoption has driven innovation to solve barriers to adoption, but not all are created equal and enterprises needs to be wary about claims of security over data which seem too good to be true. A fundamental question that needs to be asked is exactly how data is protected, on what basis are risk reduction claims made, and with what evidence to prove any claims of security.
The cost reduction benefit of cloud to be able to maximize profits is very attractive, but the regulatory and risk environment is complex to say the least. In the broader financial services market, investment banking is certainly in the forefront of adopting cloud, often in specific high value use cases.
Being able to provision cloud based services in an instant to secure business collaboration is seen as hugely beneficial to taking compliance issues off the table and enabling a mobile and cloud enabled workforce at the same time.
The security barrier
There are three issues which come up in every conversation that are the “big 3 barriers”:
1. Data risk in the cloud and control. How can data still be controlled under complex regulatory frameworks in a low trust environment?
2. How can my application still extract value from data if it is protected in the cloud without exposing live data in a low trust system?
3. How can I retain total control over data in respect to data residency and legal search requests to a cloud provider and give total control back to the data owner?
These barriers are very real. Industry regulators such as PCI SSC, FFIEC in the US, ICO in the UK in the UK have issued cloud guidance to enterprises relating to regulatory risks that stem from security concerns in the cloud. The advice is mostly pragmatic, but it signals the need for organizations to think carefully about how they are going to maximize the value from information in the cloud without increasing regulatory compliance costs at the same time.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.