RSS Alerts

Related Links

Related Stories

  • Security and privacy high on agenda of potential enterprise cloud users
    Research just completed by Unisys claims to show that security and data privacy concerns remain the most significant impediment to the adoption of cloud computing among enterprise users.
  • Can the IT department survive Web 2.0?
    Risk-averse IT departments that are too cautious in their approach to Web 2.0 technologies such as social networking, online applications and cloud computing could be signing their own death warrants.
  • Panda Cloud AV software hits beta 2
    Panda Software has confirmed its Cloud AntiVirus software will be launched in the second quarter of next year. And the good news for Cloud Computing users is that it is now available in beta test and is free to all users.
  • Twitter company files leaked in Cloud Computing security failure
    Twitter has once again been hit by a lapse of security, this time with a hacker posting a set of internal company documents from the Twitter site and service, lifted from the GoogleApps online data sharing and collaboration system.
  • Jericho Forum links with Cloud Security Alliance
    Hard on the heels of unveiling Cloud Cube, its four-dimensional best practice model for cloud computing security in April, security industry association the Jericho Forum has linked with the Cloud Security Alliance (CSA), a not-for-profit vendor group.

News

Cloud providers must provide security guarantees

21 September 2009

Cloud computing service providers have yet to address enterprise concerns around data security, according to CA and Symantec.

Service level agreements that provide guarantees about data access and transparency of data handling processes are still a big hole, said Bill Mann, senior vice president of strategy in CA's Security Management business unit.

Few service providers are able to answer enterprise questions about who is able to access the data, he told delegates at the Gartner Information Security Summit 2009 in London.

Enterprises also need assurances on what technologies providers are using, how they are ensuring security and privacy, and how they are keeping applications separated, he said.

Policies around data retention after the service has been terminated, is another area that providers need to be clear about, said John Turner, vice-president EMEA technical sales at Symantec.

Businesses cannot assume that service providers will have the same level of protection around data that they use in-house, he said.

The degree to which enterprises are able to hold service providers to account will determine the extent to which cloud computing is a panacea or a Pandora's box, said Turner.

This article was first published by Computer Weekly

 

This article is featured in:
Application Security Compliance and Policy Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water