The U.S. Federal Financial Institutions Examination Council has issued a resource document to help financial institutions better understand and address unique risks posed by outsourced cloud-based services.
The National Institute of Standards and Technology's guidance recommends how and when cloud computing is appropriate, addresses risk management issues and indicates the limits of current knowledge and areas for future research and analysis.
Nearly three-quarters of surveyed professionals say concerns regarding data security prevent their organizations from adopting cloud services. And more than half of the respondents say their own services are more secure than those offered by cloud providers.
These are among the findings of the new 2012 Cloud...
The Jet Propulsion Laboratory treats non-sensitive data as if they were sensitive when piloting cloud services to help identify potential vulnerabilities. "It is a way of moving forward: walk, crawl, run," JPL's Tomas Soderstrom says. "It's a journey."
Cloud services are being adopted increasingly by organizations. But with adoption comes increased concern, says Symantec's Francis deSouza. How can organizations deploy cloud security to protect their data?
The Defense Department will employ a two-prong approach - securing the perimeter as well as the data - as it develops its cloud-computing architecture. "We're going to be able to better protect as we get more standardized," CIO Teresa Takai says.
Jason Clark, CSO of Websense, has spent a significant amount of time meeting with over 400 CSOs. From his interactions, Clark offers his advice on how chief information security officers can be more effective.
Cloud-computing service provider contracts, for most businesses and government customers, are take-it-or-leave it propositions, so organizations must approach a services agreement cautiously, IT security lawyer FranÃ§oise Gilbert says.
Apple's introduction of its third iteration of the iPad e-tablet, coupled with the growing popularity of cloud computing, could lead to new methods of enterprise computing and IT security, Delaware Chief Security Officer Elayne Starkey says.
"The changes we propose in revision 4 are directly linked to the current state of the threat space - the capabilities, intentions and targeting activities of adversaries - and analysis of attack data over time," says NIST's Ron Ross.