The U.S. Federal Financial Institutions Examination Council has issued a resource document to help financial institutions better understand and address unique risks posed by outsourced cloud-based services.
The National Institute of Standards and Technology's guidance recommends how and when cloud computing is appropriate, addresses risk management issues and indicates the limits of current knowledge and areas for future research and analysis.
The Jet Propulsion Laboratory treats non-sensitive data as if they were sensitive when piloting cloud services to help identify potential vulnerabilities. "It is a way of moving forward: walk, crawl, run," JPL's Tomas Soderstrom says. "It's a journey."
Cloud services are being adopted increasingly by organizations. But with adoption comes increased concern, says Symantec's Francis deSouza. How can organizations deploy cloud security to protect their data?
The Defense Department will employ a two-prong approach - securing the perimeter as well as the data - as it develops its cloud-computing architecture. "We're going to be able to better protect as we get more standardized," CIO Teresa Takai says.
Jason Clark, CSO of Websense, has spent a significant amount of time meeting with over 400 CSOs. From his interactions, Clark offers his advice on how chief information security officers can be more effective.
Cloud-computing service provider contracts, for most businesses and government customers, are take-it-or-leave it propositions, so organizations must approach a services agreement cautiously, IT security lawyer FranÃ§oise Gilbert says.