CSOonline recently had an article on Cloud Security trends for 2011. In it they described 5 things to watch for in 2011. You can read the article for their perspective on these trends but I have a perspective on the items on their list…
- Smart phone data slinging - This is the fact that more corporate data will be “out there” on mobile devices. The article focused on the possibility that the carrier gets cracked and the stream of corporate information becomes available to someone outside the enterprise. These kinds of issues have been tackled for years in the laptop space. We use end-to-end encryption that the carrier can’t see into. The carriers can’t really provide it though, since that is what got BlackBerry in trouble with governments across the globe. Organizations, on the other hand, have had VPNs, drive encryption, remote wiping… Some mobile devices can do this today as well. It may be a whole new mobile world, but some of these issues are not all that new. The devices have just not all caught up with it yet, so businesses may need to lobby their providers. Organizations with these security concerns do have a bit more of an issue with “bring your device to work” approaches, at least for a while. There are some solutions in the works.
- Need for better access control and identity management - To me this is an integration issue to a large extent. There needs to be an enterprise approach to the cloud activity. It is not just an aggregation of services; it needs to be integrated in a seamless fashion, otherwise the security (and the user interface) experience will chafe. Since mobile devices have a greater ability for multifactor authentication than we’ve ever had, their integration into the enterprise cloud should make security stronger, not weaker, if done properly.
- Ongoing compliance concerns – Definitely compliance with HIPAA, PCI and other yet-to-be-defined compliance standards will be a driver for hybrid cloud activities and a restraint on the growth of public cloud for the foreseeable future.
- Risk of multiple cloud tenants – To me this was one that seemed to be focused more on the flaws in virtual machines and related system software. Unfortunately, that is outside the control of nearly every system/software consumer. Keeping your systems patched is the best way to avoid this one, along with using system software from suppliers with whom you’ve developed a trusted relationship.
- Emergence of cloud standards and certifications – This is definitely an area I believe we’re going to see some shifts taking place in 2011.
A couple items I’d add:
6. Cloud supplier responsibilities for consumer actions clarified – There have been a few instances where cloud service providers have had their feet held to the fire for the actions of the clients they host. This will get more clarification either legislatively or through the contracts. Remember the incident with WikiLeaks being hosted by Amazon.
7. “Do not track” legislation – although not specifically cloud related, it is something that everyone will need to be more aware of when it comes to fruition.