CIO Symmetry

Dec 13 2011   3:33PM GMT

Cloud security planning should be part of strategy from beginning

Scot Petersen Scot Petersen Profile: Scot Petersen

What are you doing about cloud security planning? I say planning because, in a survey of attendees at the recent SearchCompliance.com Making the Case for the Cloud virtual seminar, more than half of the IT professionals responding said they don’t have a cloud strategy in place — though 100% said they would within the next year.

The point is that a cloud security strategy should be part of a cloud plan from the beginning. How that plan gets formulated is up for grabs, however. Responding to an instant poll taken during one seminar session on cloud incident response, 45% said their cloud security plan consists of reliance on SAS 70 Type II audit reports; another 32% said they rely on service contracts and lawyers to sort out the details; and 23% answered that they “can’t get management on board” for any security plan.

That’s pretty shocking. Even overlooking the 23% who are throwing up their hands, the other two options are not much better, certainly not by themselves. The SAS 70 standard was not designed with cloud security in mind.

According to IT security consultant Kevin Beaver, the speaker in the incident response session, SAS 70 had its place but is being phased out. “But it’s not that simple,” he said. “The bottom line is, you have to dig in deep; you can’t just assume that if everything checks out in the SAS 70 Type II audit report, everything must be fine. Because that is not the case, based on what I am seeing in my security work.”

First steps for cloud security planning? Get a good lawyer, a good security consultant and your CEO, and put them in a room together. Order lunch. And get down to business.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: