RSA: Cloud security issues still haunt corporate customers

The RSA Information security conference in 2013 again addressed the issue of cloud computing security. Before cloud computing truly lands, its security must first be recognized by corporate customers. But for now, this obstacle is not easy to sweep. Cloud-computing services and the Cloud Security Alliance (Cloud-alliance--Industry Association) have done the best they can, and cloud security issues still make it executives headache. At this meeting of the Cloud Security Division, IT security experts complained that cloud service providers lack of transparency, resulting in customers face cloud services hesitate. The opacity of cloud services is mainly embodied in the areas of service level agreements, management functions, and security responsibilities. Participants pointed out that the current cloud security is not authoritative certification, cloud computing service providers do not allow enterprise customers to visit the machine, IT managers do not know where to start. For the opacity of cloud services, for example, cloud services software vulnerabilities are opaque to customers, which directly hinders the customer's management of vulnerabilities-related operational risks. At the meeting, Zynag company CSO Nils Pulhman to remind Enterprise customers: in the face of security vulnerabilities, cloud service providers first consider the impact of reducing their own, second will consider the customer, so customers must establish the control of cloud computing services. Nils Pulhman advises it executives to look closely at cloud computing services. "Investigate like a policeman," he said. "To ascertain whether the service provider is mature. "--in his experience, especially in startups, nine out of ten were questioned and routed. In the matter of transparency, the views of experts are unanimous. Patrick Foxhoven, vice president of Vscaler Cloud computing, added: "You have to ask the service provider for transparency, not enough transparency, you can't audit." "But many participants pointed out that the strength of an enterprise customer alone is not enough to challenge the strong cloud computing service provider's consistently open security policy." Another participant asked the question: If you want to evaluate a SaaS service provider that runs on the platform of another PAAs service provider and is hosted on a third cloud computing infrastructure service provider, does that mean you need to evaluate it three times? "Foxhover put the problem aside, but as a service provider, he has received a number of security-related questionnaires from potential customers, many of which do not apply to cloud computing for security. Then he went back to the question and said the answer was not so simple. Finally, in the choice of service providers, he advises it executives to talk more with other customers and learn about their experiences for a particular service provider. "This is the unfortunate reality we face today." Foxhoven concluded.