Weekly Industry Round-up, Week of 7/5
Posted by hyperguard on July 9, 2010
Data Center Journal…
Security and Legal Concerns Hamper Cloud
Jeffrey Clark says the cloud offers a number of benefits, both from the perspective of increased business value and from the perspective of reduced environmental impact resulting from the use of IT resources. However, despite its numerous benefits, the cloud continues to be weighed down by concerns revolving around security and various associated legal matters. With the Federal Government looking at the cloud as one means to reduce its data center footprint, the potential market for cloud-based services could explode. Cloud-service providers should consider the concerns of potential customers, especially in terms of security. Many providers believe that this information about data centers and procedures should be kept secret, but many customers (such as the Federal Government) want to be made aware of that information before signing on with a provider.
41% of IT Pros Surveyed Admit to Abusing Admin Privileges
According to this article, of the over 400 IT professionals who responded to Cyber-Ark Software’s fourth annual “Trust, Security and Passwords” survey, 41% admitted to abusing administrative passwords to access sensitive or confidential information, such as HR records and customer databases—an 8% increase since last year’s survey. As a report by the Cloud Security Alliance points out, storing data in the cloud increases the total number of individuals with potential access to sensitive data, and thereby increases the risk of data theft by a malicious insider. But many of the same practices used to protect against internal data theft can be applied in the cloud as well. Some ways to deal with these issues? Trend Micro says companies should specify human resource requirements as part of legal contracts, determine security breach notification processes and require transparency into overall information security and management practices.
GAO: Federal Agencies Lack Advisement on Cloud Security
Dan Kaplan says that according to a new report from the U.S. Government Accountability Office (GAO), a growing number of federal agencies are running some form of cloud computing, but nearly all lack policies around securing data hosted offsite. The report, written by Gregory Wilshusen, director of information security issues at GAO, found that 22 of the 24 major federal agencies are either “concerned” or “very concerned” about the security risks associated with cloud computing. Despite that, half of the agencies have moved forward on cloud computing projects, mostly for the technology’s low-cost disaster recovery, data storage and self-service benefits.