September #SecChat Recap – The Evolution of Cloud Security

Cloud solutions are quickly becoming an attractive option for the enterprise, given their efficiency and scalability. Despite the allure of this shiny new thing, however, security concerns remain. In our September #SecChat, we discussed the current cloud landscape and evolution of cloud security.Our panel of industry experts provided valuable insights on the topic, and encouraged a fast-paced conversation covering various aspects of cloud security. Here are some of the highlights:

Is the cloud inherently insecure?

In response to our first discussion question in which we asked participants whether or not they believed the cloud to be inherently insecure, panelist @LNierat claimed that public cloud service providers are not reliable enough to protect data on their own. Rather, data should be encrypted to increase security.Alternatively, @bsmuir stated that the cloud is not inherently insecure, but it could very well be built upon insecure systems — putting more pressure on an underlying security system. Painting a broader picture of the digital security landscape as a whole, @rickhholland took the approach that everything is, in fact, inherently insecure:

What are the key ingredients to protecting private and hybrid clouds?

Following the topic of insecurity in the cloud, the focus shifted to measures of private and hybrid cloud protection. @VirtualTal believes three central factors to be critical for protection: vendor selection criteria, compensating controls and training. Following this point, panelist @KingTherapy jumped in to state what certainly wouldn’t work in terms of protection: re-purposing physical security architecture for the cloud.Another unique approach to this question surfaced by @MaryKillelea, who stated that implementing markers for comparison purposes is necessary in ensuring cloud protection:

What can be done to ensure a coordinated approach to server security?

In closing, we asked participants what actions could be taken to ensure a coordinated approach to server security. @securelexicon answered by pointing out a current trend among government agencies — the creation of a unique authorization process. Participants seemed to reach a consensus that a coordinated approach to security involves a good look at the end-to-end processes. @SPCoulson stated that the process of information security starts from the first keystroke of the developer all the way through the end-user’s validation process. Panelist @bcandrew strongly agreed with this point of view:

Where do you stand on cloud security? Let us know in the comments. Thank you once more to all who joined our September #SecChat! Check out the full conversation on Twitter by searching the #SecChat hashtag, and to stay plugged in on news of upcoming chats, follow @McAfeeBusiness.

Leave a Comment

twenty − ten =