2011- In the Clouds
As 2010 is drawing to a close, many 2011 security predictions are being published, particularly those around emerging technology. This piece by CSO's Bob Violino centers on security issues for cloud computing: 1. Smart phone data slinging... A hacked cloud provider could provide mass access to confidential mobile device data when mobile users are using cloud-based mobile device support... In addition, loss or theft of mobile device could provide root-level access to cloud services and data. Mobile apps are often providing direct and automated access to cloud services and data, he says. If an admin-level person's mobile device is stolen, this could be a major threat to highly confidential data or even cloud services administered by such a person from an insecure mobile device. 2. Need for better access control and identity management."The cloud by nature is highly virtualized and highly federated, and you need an approach to establish control and manage identities across your cloud and other peoples' clouds," says Alan Boehme, senior vice president of IT strategy and architecture at financial services firm ING. "There are some third parties that have delivered products and services that will address these issues, but they might not be adequate for large enterprises that have a mix of legacy and cloud components." 3. Ongoing compliance concerns."I think that compliance, especially PCI, is likely to continue to be a security issue," says Andy Ellis, CSO at Akamai. "Organizations still often need to come to grips with completely different processes that they have for managing data and apps in the cloud. And I think we will hear more rumblings about healthcare data in the cloud." 4. Risk of multiple cloud tenants. Given that most cloud services make heavy use of virtualization technology, the risks associated with multiple organizations' data housed on a single physical hypervisor platform exist... Although it is assumed that virtual machines and virtual network components are 'separated by default', flaws and potential weaknesses in hypervisor platforms have been documented that could cause segmentation issues. 5. Emergence of cloud standards and certifications. Because security will be evaluated when choosing cloud services, standards and certifications will be extremely important to help customers gauge how secure their data will be kept... Cloud users will continue to leverage their existing processes for evaluating the security postures of cloud providers, but will begin looking at some of the more popular organizations developing guidance and standards.