Cloud computing does not guarantee information security in
the short term, according to participants in a panel debate at
(ISC)²'s SecureLondon conference.
Protecting data is one of the biggest challenges because of all
the unknowns, said Mark Logsdon, deputy head of information risk
management at Barclays.
Data vulnerabilities will be great in the next two years, said
Jason Creasey, head of research at the
Information Security Forum.
Privacy concerns will limit what organisations and individuals
are willing to put in the cloud, said James Rendell, UK technical
manager, IBM Internet Security Systems.
"Recovery from identity theft is painful," he said.
According to Rendell, major improvements to the cloud computing
model will have to take place before there is a significant shift
in attitude.
Creasey said it was probable that cloud computing will become
the norm for business organisations, but it will take 10 years for
the model to mature to that level.
He said securing personal data in the cloud may lead to
universally tighter controls on they way data is handled. "It could
mean a step closer to a Big Brother scenario."
The panellists agreed that most enterprises were not yet putting
mission-critical applications or data in the cloud and will adopt
it in phases as the model matures.
Cloud computing service provider Google insists that the model
can already provide
higher levels of security than most in-house IT.
Most businesses do not have the security intelligence gathering
capabilities and resources to match Google's, said the firm's
enterprise security director Eran Feigenbaum.