The Cloud Summit security debate

Cloud Summit logo

The biggest issue preventing companies from moving to the cloud has always been security, yet there are many complications IT departments have to consider.

When IT Pro and sister title Cloud Pro brought together experts from across the field at our Cloud Summit to discuss the complexities of cloud security, we got some solid answers.

One major contemporary concern is around the Patriot Act, which could allow US Government to go into cloud data centres to gain information, even if they're not on US soil.

You have to approach cloud providers as if they're insecure.

According to HP's UK & Ireland storage and server chief technology officer David Chalmers, however, HP will not open its doors in the UK to any US body enforcing the Patriot Act.

This was something that was echoed by Rackspace's vice president of technology Nigel Beighton, who said its UK datacentres would do the same.

So those relying on UK-based cloudy datacentres can fear not. But should people be worried about security of the providers' themselves?

"You have to approach cloud providers as if they're insecure," recommended Beighton, who quickly pointed out that didn't mean Rackspace was insecure.

He said it would be wiser to assume cloud solutions can't be trusted in order to ensure the information that businesses are putting up in the cloud is as secure as possible. Due to the risks involved, such an approach would also mean hybrid services are considered where necessary, according to Beighton.

Rik Ferguson, Trend Micro's director for security research, said businesses should approach vendors as if they were estate agents. He urged people to look into all the different options and pick the one that suits the customer's cloudy plans.

Businesses should be wary of complacency too, Ferguson said.

"Don't forget about the perimeter. The perimeter is still there, you just have to find where it is... To break through the cloud's perimeter, all you need is a credit card," he added, noting the importance of making cloud-based apps as secure as possible.

But what about when cloud providers' services are being used for malicious activity? Ferguson said it was certainly a possibility that users' services could be disrupted if law enforcement have to enter cloud datacentres and remove the hardware.

The providers themselves were a little stumped, but Beighton said they do checks on who is using their services. This includes checks on what kinds of credit cards are being used to buy cloud infrastructure and monitoring for spam. It was unclear, however, how vendors would comply with warrants to remove servers from datacentres and still ensure customers were unaffected.

There is a clear need for definite processes and standards for cloud security. Once these come into place, adoption will surely skyrocket.

Look out for the rest of our coverage from our Cloud Summit and the inaugural IT Pro awards this week.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.