IT Compliance Advisor

Sep 26 2011   7:17PM GMT

Lack of cloud computing standards causes concern as adoption spreads



Posted by: Ben Cole
Tags:
cloud computing standards

Recognizing the “significant opportunities” surrounding cloud computing, the Subcommittee on Technology and Innovation held a hearing last week to examine the benefits — and obstacles — of widespread cloud adoption. The hearing could be a first step to more exacting cloud computing standards.

Subcommittee members said cloud computing can provide users with increased computing capability, greater efficiency and lower energy and infrastructure costs. However, cybersecurity remains a major concern for many users, said Subcommittee Chairman Rep. Ben Quayle (R-Ariz.). Quayle pointed out that users must have confidence that their data and applications, as well as their privacy, will be protected. Quayle added that cloud service providers would need to offer users different tiers of security depending on the sensitivity of their data in order to alleviate these concerns.

Nick Combs, federal chief technology officer at EMC Corp., and Dr. Dan Reed, corporate vice president of the technology policy group at Microsoft, were among those testifying at the hearing. In response to Quayle’s concerns, Combs suggested cloud security be driven by a “flexible policy” aligned to the business or mission need, and that a common framework would be needed to ensure that cloud security policies are consistently applied. Reed added that clear policy goals surrounding cloud security are necessary, but regulators need to be careful to avoid rules that will hinder cloud innovation or quickly become outdated.

These cloud security concerns echoed statements recently made by Alan Barnes, director of risk and advisory at Services Assurant Inc., at a GRC training summit in Boston. Barnes noted that cloud computing creates additional third-party security risks, such as hacking, a lack of compliance standards and intellectual property vulnerabilities. Barnes added that the current lack of agreement on cloud computing standards ensures that cloud provider risk evaluation will remain inexact and inconvenient for the next several years.

The National Institute of Standards and Technology (NIST) is spearheading stakeholder efforts to develop cloud data security and interoperability standards, which witnesses at last week’s hearing said are critical to the cloud’s success.

“As an agency considers migrations to cloud computing, NIST must develop the appropriate consensus standards and guidelines to ensure a secure and trustworthy environment for federal information,” according to a statement from the Subcommittee on Technology and Innovation.

Developing such “consensus standards and guidelines” is an appropriate first step to alleviate concerns surrounding the mass migration to the cloud. But until these cloud computing standards are established and implemented, users need to remain cautious moving to the cloud.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: