On cloud security requirements, customers must assume responsibility

On cloud security requirements, customers must assume responsibility

Date: Jul 21, 2014

While the recent attacks against cloud computing services providers Code Spaces and One More Cloud prove the importance of cloud multifactor authentication, they also underscore an even larger takeaway: Organizations must understand and take responsibility for their own cloud security requirements.

According to Jay Heiser, research vice president with Stamford, Connecticut-based IT research firm Gartner Inc., enterprises that aren't intimately familiar with cloud security best practices may not realize when a cloud provider isn't acting in their best interest.

"What's happened is small service providers have done a bad job of protecting their customers' data," Heiser said. "I'm not aware of any weakness in [the providers'] technology or levels of service. It was the implementation."

In this interview, conducted at the 2014 Gartner Security & Risk Management Summit, Heiser discusses the specific mistakes cloud providers make, in particular poor stewardship of privileged access, that often result in successful attacks.

Heiser also explains that as a result of incidents such as these, enterprises are going to learn to better recognize where a cloud provider's security responsibilities end and theirs begin. However, that evolution will take time, he added, because cloud computing governance is poor in many organizations and that enables business units to engage in the use of cloud computing without proper security training or oversight.

More on Public Cloud Computing Security

  • canderson

    Cloud security basics: What enterprises, IT pros need to know

    VIDEO - Video: Securosis CEO Rich Mogull details cloud security basics, including how the cloud affects enterprises today and the joys of security automation.
  • canderson

    Public cloud encryption: Encrypted cloud storage options for enterprises

    VIDEO - Rich Mogull describes how public cloud encryption offers additional control in multi-tenancy environments, and demos how to ensure proper encrypted cloud storage.
  • canderson

    Infrastructure as a Service security 101: Public IaaS security issues

    VIDEO - Rich Mogull explores public IaaS security issues and addresses how cloud computing providers enable enterprise security strategy.
  • Apple iCloud hit with MitM attacks in China

    News - There is more potential trouble for Apple iCloud users as a nationwide man-in-the-middle attack struck the iCloud website in China amid the country's launch of the new iPhone 6.

    ( Oct 20, 2014 )

  • How calculating cloud resiliency cuts cloud downtime

    Tip - Calculating and monitoring cloud resiliency is critical to preventing cloud downtime or lessening its effects. Expert Ed Moyle discusses the two main steps to start reducing cloud concerns.
  • Helix Nebula cloud security hinges on federated identity management

    News - CERN and the Cloud Security Alliance explain how federated identity management protects Helix Nebula, a European cloud platform that's running applications for such research projects as the Large Hadron Collider.

    ( Sep 02, 2014 )

  • AWS CloudTrail

    Definition - AWS CloudTrail is an application program interface (API) call-recording and log-monitoring Web service offered by Amazon Web Services (AWS).
  • multi-tenancy

    Definition - Multi-tenancy is an architecture in which a single instance of a software application serves multiple customers. Each customer is called a tenant. Tenants may be given the ability to customize some parts of the application, such as color of the user interface (UI) or business rules, but they cannot customize the application's code.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: