Prove to us that cloud is really secure says auditor

Cloud security

Security and compliance are two barriers to adopting the cloud, but one information security expert has said all users need is some proof of what is in place before they deploy the technology.

Presenting at the RSA Europe conference in London today, Davi Ottenheimer began by saying the issues around security and compliance in the cloud are not much different to those surrounding legacy systems.

"The cloud is an extension of everything we have learned before [and] we should apply those lessons we learned over time," he said. "What is [new] is in terms of technology, [namely] the automation, elasticity and measurement of cloud."

The underlying factor of moving to cloud systems, however, comes down to "fear and trust," claimed Ottenheimer.

"A lot of the cloud brought fear, with people saying compliance and security stopped them from moving to the cloud," he said. "It is actually that they are looking for proof; they don't think cloud doesn't have any compliance or security but they want to see the proof [first]."

As an auditor, it is Ottenheimer's job to go to the cloud service providers and dig out the evidence. The problem with the current crop of vendors, however, is they expect you just to trust what they say is fact.

"When I walk in, [cloud service providers] say they are responsible and think that they are off the hook," he said.

"I have to push for the answer cloud providers say you can trust us, that's not good enough for me. I need to see mathematical [evidence] or I will pull my customers out. I have pulled customers out of [deals] with providers before."

Ottenheimer advised users to ask for more from their cloud providers to make them feel safe, be it extra layers of encryption or more policies. However, it seems it is down to the big guns of the cloud world to open up more and explain how exactly they are keeping our data safe.

Jennifer Scott

Jennifer Scott is a former freelance journalist and currently political reporter for Sky News. She has a varied writing history, having started her career at Dennis Publishing, working in various roles across its business technology titles, including ITPro. Jennifer has specialised in a number of areas over the years and has produced a wealth of content for ITPro, focusing largely on data storage, networking, cloud computing, and telecommunications.

Most recently Jennifer has turned her skills to the political sphere and broadcast journalism, where she has worked for the BBC as a political reporter, before moving to Sky News.