Cloud computing service providers have yet to address
enterprise concerns around data security, according to CA and
Symantec.
Service level agreements that provide guarantees about data
access and transparency of data handling processes are still a big
hole, said Bill Mann, senior vice president of strategy in CA's
Security Management business unit.
Few service providers are able to answer enterprise questions
about who is able to access the data, he told delegates at the
Gartner Information Security Summit 2009 in London.
Enterprises also need assurances on what technologies providers
are using, how they are ensuring security and privacy, and how they
are keeping applications separated, he said.
Policies around data retention after the service has been
terminated, is another area that providers need to be clear about,
said John Turner, vice-president EMEA technical sales at
Symantec.
Businesses cannot assume that service providers will have the
same level of protection around data that they use in-house, he
said.
The degree to which enterprises are able to hold service
providers to account will determine the extent to which cloud
computing is a panacea or a Pandora's box, said Turner.