Enterprises are currently facing a barrage of information around cloud security. Some are moving to the cloud for better security; some won't move to the cloud because of a lack of security. Every vendor product is "cloud-based." Cloud service providers mention security controls in marketing material, but won't delve into specifics. For the average enterprise and IT professional, what does all this mean?
In this video interview, recorded at Information Security Decisions 2013, Rich Mogull, CEO and analyst for Phoenix-based consultancy Securosis, reviewed the basics of cloud security. First, Rich discussed what he called pragmatic cloud security, which basically entails some of the real security victories that organizations can attain through the cloud today. Of course, one of the biggest downsides to the cloud is the lack of control over the services being utilized in a corporate setting, but Mogull explained how companies can come to grips with this activity.
Mogull also covered one of his favorite topics: security automation. He detailed some simple examples of security automation through the cloud, showing just how powerful such advances in tech can be if harnessed properly. Finally, he tackled the tricky issue of how the cloud could affect IT security professionals that built their careers on honing firewall rules and locking down desktops. For those enterprises and IT pros struggling with cloud security basics, Rich's overview provides a good starting point for attaining much-needed knowledge on the cloud.