Hybrid clouds will become the norm says Overtis CEO

This, he says, is where critical data is stored on dedicated servers and only the least sensitive information is stored in multi-tenanted environments.

According to Macnair, security experts at RSA 2011 debated the issue of being able to remain compliant if sensitive data was stored in the cloud.

This, he told Infosecurity, is a very valid point, as a company found to be wanting on the data security front cannot say to the regulator such as the Information Commissioner's Office that their cloud supplier caused a data breach.

"The issue here is that, whilst the cloud has huge cost benefits, there is also a loss of control [over your data] involved," he said, adding that it is difficult to completely audit the cloud solutions on offer today.

As a result, Macnair says that companies are adopting a hybrid approach, where regulated data is firmly held locally on the company's own IT resources and 'routine' data is pumped into, and stored, in a cloud computing environment.

Will this fledgling hybrid model continue?

Judging from what Macnair discovered and discussed at RSA 2011, he says the answer is yes, but the Overtis CEO notes that many professionals went to the security conference looking for advice on implementing cloud security technologies.

"What they were saying is: 'show me a way to get into the cloud on a secure basis' and, in the main, they got their answers", he said.

One of the most interesting observations that Macnair made at RSA 2011 was how much the web browser has become the commonality in a growing number of applications software.

"The browser has, in effect, become the new endpoint. It is the commonality that exists in a quite wide range of IT systems. And it's therefore important to protect that endpoint", he said.


Macnair says that businesses are increasingly going to go down the path of a hybrid solution for their data and IT systems, storing the regulated data – as well as private data – on an encrypted basis on IT systems under their own control, and then using the cloud for the rest of their IT resources and allied data storage.

It is, however, still in the early days when it comes to the cloud, so there are still many questions to be answered, he said.

What’s Hot on Infosecurity Magazine?