a central point for collection of information as it relates to cloud computing in the government
Cloud Trends in 2011
January 11, 2011 at 6:25 pm #120171
CSOonline recently had an article on Cloud Security trends for 2011. In it theydescribed 5 things to watch for in 2011. You can read the article for theirperspective on these trends but I have a perspective on the items on theirlist…
1. Smart phone data slinging – This is thefact that more corporate data will be “out there” on mobile devices. Thearticle focused on the possibility that the carrier get cracked and the streamof corporate information become available to someone outside the enterprise.These kinds of issues have been tackled for years in the laptop space. We useend-to-end encryption that the carrier can’t see into. The carriers can’treally provide it though, since that is what got Blackberry in trouble withgovernments across the globe. Organizations on the other hand havehad VPNs, drive encryption, remote wiping… Some mobile devices can do thistoday as well, it may be a whole new mobile world, but some of these issues arenot all that new. The devices have just not all caught up with it yet, sobusinesses may need to lobby their providers. Organizations with these securityconcerns do have a bit more of an issue with “bring your device to work”approaches, at least for a while. There are some solutionsin the works.
2. Need for better access control and identitymanagement – To me this is an integration issue toa large extent. There needs to be an enterprise approach to the cloudactivity, it is not just an aggregation of services – it needs to beintegrated in a seamless fashion otherwise the security (and the userinterface) experience will chafe. Since mobile devices have a greater abilityfor multifactor authentication than we’ve ever had, their integration into the enterprisecloud should make security stronger not weaker – if doneproperly.
3. Ongoing compliance concerns – Definitelycompliance with HIPAA, PCI and otheryet-to-be-defined compliance standards will be a driver for hybrid cloudactivities and a restraint on the growth of public cloud for the foreseeablefuture.
4. Risk of multiple cloud tenants – To me thiswas one that seemed to be focused more on the flaws in virtual machines andrelated system software. Unfortunately, that is outside the controlof nearly every system/software consumer. Keeping your systems patched is thebest way to avoid this one and use system software that you’ve developed atrusted relationship.
5. Emergence of cloud standards andcertifications – This is definitely an area I believe we’re going to see some shifts taking place in 2011.
A couple items I’d add:
6. Cloud supplier responsibilities for consumeractions clarified – There have been a few instances where the cloud serviceprovider have had their feet held to the fire for the actions of the clientsthey host. This will get more clarification either legislatively or through thecontracts. Remember the wikileaks hosted by Amazon incident.
7. “Do not track” legislation –although not specifically cloud related, it is something that everyone willneed to be more aware of when it comes to fruition.
What else should go on this list; add them below.
You must be logged in to reply to this topic.