Cloud computing is going strong. In fact, research firm Gartner predicts that worldwide revenues for cloud services will grow from some $46 billion in 2008 to approximately $150 billion in 2013.
But along with this growth comes questions about how corporate data in the cloud will stay secure.
Bob West, CEO and founder of consultancy Echelon One, who spoke on a panel during Tuesday's live SC Magazine "Securing the Cloud" eConference and Expo, said there are many questions that security pros should pose to their cloud providers before entrusting data to them.
SC Magazine recently sat down with West to get some quick thoughts from him on this important and timely topic:
SC: Where do you see companies fumbling the most when it comes to securing their critical data in the cloud?
West: Most companies have challenges understanding where their information is in traditional environments, much less in the cloud. Before implementing a cloud application, it is important to conduct a risk assessment, understand the information that will be placed in the cloud, determine where the information will reside geographically, and then determine what controls need to be in place.
SC: Are there particular best practices, standards or other guidance that you think might help organizations understand the security ramifications of using cloud services?
West: The Jericho Forum has published a series of "Collaboration Oriented Architecture" white papers that can help organizations think through the issues they face. In terms of best practices, it becomes particularly important that organizations have a good control over managing identity throughout its lifecycle.
SC: When looking at cloud services providers, what are the top requirements that companies should make sure these providers meet?
West: ISO 27000 certification is one indicator that will help organizations understand the level of security controls in place. Another is the BITS Shared Assessment program.
Click here to enter the SCWC 24/7 virtual community and listen to the e-conference on demand.