Marne Gordon, Regulatory Analyst, IBM Corporate Security Strategy
Many organizations have embraced, or are considering, the benefits of cloud computing – speed, flexibility, increased expertise, shared workload, reduced costs, etc. The benefits are many – but so are the risks. What are the threats to cloud security? Which parties assume responsibility for securing the environment? What about the data? Which type of cloud deployment offers superior security benefits?
This presentation examines cloud computing from a security and compliance perspective. Global information security standards and prevalent regulations focus on maintaining the confidentiality of data, leaving the technology responsible for its processing to the discretion of the affected organizations. Most of these documents were written prior to the general availability and adoption of cloud computing as a business model; none currently contain cloud-specific requirements. A regulated organization must therefore balance technological momentum with regulatory inertia. Is it realistically possible for forward-looking technologies to be retrofitted for aging compliance requirements? How have global standards such as the Payment Card Industry Data Security Standard (PCI DSS), for example, kept pace with emerging technologies and business practices?