Core security problems associated with cloud computing include security of data, the availability of data, and regulatory compliance, said Geoff Webb, Credant’s director of product marketing.
“The challenge is once the data leaves the organization and goes into a cloud service, then my capacity to enforce controls around it is extremely limited….It is very hard in a cloud environment to get the cloud provider to change the way they handle security for your organization”, Webb told Infosecurity.
There is less and less control in the cloud over where the information is, who has access to it, and the security processes in place to keep it safe. “That is what has caused a lot of organizations to step back and say, ‘We are really concerned about the potential risk cost in going out to the cloud. We understand the cost benefit operationally, but the risk cost is very high, particular because if there is a breach, we are the ones on the hook from a compliance perspective’”, Webb said.
The business people want to use the cloud because it can drive down costs and increase flexibility and competitiveness. But the security people want to slow down the process so they can assess the security risks of going to the cloud, he noted.
“There is a lot of fear and concern; some of it justified, some of it overblown. But there are genuine concerns about keeping data safe in the cloud”, he said.
Credant is offering a beta program for its cloud encryption software for virtual desktop infrastructure. The company explained that the product enables organizations to control and enforce data security whether corporate data is located in private, hybrid, or public cloud infrastructures.
“Organizations want to utilize the cloud because of the lower costs and the productivity advantages it has to offer. But at the same time, they want to make sure they maintain control of the data they put into the cloud. So the capability that Credant would offer is to allow the organization to encrypt the data that goes into the cloud, but the control and management of the encryption key stays with the organization, not with the cloud provider”, explained Bob Heard, Credant's chief executive.
Webb added: “If cloud providers are controlling the key, then you as a business still have all the risks associated with someone outside the organization getting access to the data. If you control the key, no one outside the organization can get access to the data.”