Cloud process stumbling block: cloud security and data confidentiality

Chris Weitz, a head of Deloitte Consulting, is primarily responsible for the financial Services Consulting team's recommendations for cloud computing. He has been in this position for five years, before working for a Deloitte Global consulting service for nine years. He has over 30 years of experience in the IT field.

As a result, Weitz has witnessed the impact of cloud computing on the IT industry. In a recent survey by Deloitte on the challenges of implementing a mixed cloud environment, 950 people voted, 49% voted for cloud security and data confidentiality, and he believes that the main cloud providers are actually much better than people think.

Journalist: 950 people who participated in the Deloitte poll. 36% It is considered that privacy protection is the main concern. What do you think it is?

Chris Weitz: Privacy protection is really a big concern, because different places have different legal governance information to use, and if it is not properly protected it can cause serious results. Europe will use EU law to focus more on personal information and personal privacy than anywhere else in the world. The United States is not strict, but there are still clear regulations and the use of legal governance information, especially medical information and personal financial information. Therefore, anyone with management control should pay extra attention to how they are managed, especially if the data is transferred outside of their physical control.

The big problem, of course, is that the data is not physically stored on any computer in the cloud computing environment, but is distributed across countless machines, so there is no fixed physical location for you to check. All by software implementation, the definition of software is not directly visible, so you need other software to monitor the software. These new software monitoring tools have not yet been widely used, and this is an emerging area. It is natural, therefore, to suspect that there is no suitable physical location at this level or a security control around its own data, and that it is possible to ensure that their data can be obtained at a time of need, rather than being transmitted incorrectly.

Reporter: How to deal with this problem in the future?

Chris Weitz: The emerging answer is that the data will be protected in the content layer itself, in other words, wherever it is stored, because the data is encrypted.

There is also a lot of user-based access and authentication on data features and permissions. Security is not based on whether you are accessing the environment, but on what you are authenticating as a user and what you are allowed to see, and the software is more complex to manage in such a cloud environment.

These are in the continuous development, make it more secure. I think cloud makers are doing a good job right now and I don't think anyone will accuse them of a new security risk, but corporate users are a bit behind in understanding how these security and privacy mechanisms work.

Journalist: 24% lists network threat security. What is the status quo?

Chris Weitz: The main problem for enterprise users is that if your system is being operated by a third party, especially a large number of traffic-heavy third parties, like the main cloud provider, there may be potential troublemakers who secretly access your information or attack your system. This is always the point, but the problem is now more pronounced because the visibility and branding of these systems make it public.

In fact, I want these vendors to be less and bigger because you can concentrate on less attacking points. Cloud computing companies have a big incentive for the best security in the world because their entire business relies on these, and there is evidence that the safety of the work is more secure than any other, including any enterprise or cooperative organization. They can hire the best people in the world and invest all their money in it, and they do it.

Journalist: So, if security is ensured, will cloud computing be prime time?

Chris Weitz: My personal view is that this kind of fear will fade away, because in a few years there will be a leading manufacturer to solve the problem, this is an early phenomenon, once the cloud market matures a little, I think there will be a reasonable mature state, like other things.

Nothing is inherently dangerous about cloud computing. Nothing, and fear of danger is because it's a new technology.

Interviewer: What advice do you have for customers who are worried about cloud security?

Chris Weitz: All typical security and privacy recommendations are similar. The environment is the key, like any new technology, you need to understand the difference, but you have to know what is the same. You can never outsource a liability obligation.

No matter how the industry changes, or how the new generation of architectures is applied, you have to do your job to ensure that your vendors are doing the right thing, that you're using the right left-heart approach, and that you can meet your own functions. You cannot use the old method in the new architecture, nor can you assume what the vendor will do without checking. Like an upgrade or refresh: You have to test it before you know it.