IT security professionals must work out how to implement cloud computing securely before it is too late, according to information security professionals organisation (ISC)².
Many security professionals assume that cloud computing is too dangerous, said John Colley, Emea managing director for (ISC)².
"But they need to get real as it will happen with or without their blessing," he told the Westminster eForum on cloud computing in London.
The business case is overwhelming, he said, referring to the reduced cost, rapid provisioning, scalability and flexibility that cloud computing offers.
Instead of rejecting cloud computing, security professionals need work out how their organisations can use it securely with minimum risk, said Colley.
"They need to look at how it can be done, not why it should not be done," he said.
According to Colley, the way forward is to identify and think about all the security issues and then find ways of making cloud computing work.
At the most basic level, organisations need to look at service levels, data recovery, service resilience and data security and protection, he said. "Beyond that, security professionals must consider how easy it will be to conduct investigations, forensic checks, audits and compliance checks."
Organisations also need to consider who can authorise new cloud services, how to control and monitor this process, and how to stop unauthorised use of cloud services.
"Trust in suppliers and employees is important, but it is always advisable to put in place processes to verify that security standards are being upheld," said Colley.