On cloud security requirements, customers must assume responsibilityDate: Jul 21, 2014
While the recent attacks against cloud computing services providers Code Spaces and One More Cloud prove the importance of cloud multifactor authentication, they also underscore an even larger takeaway: Organizations must understand and take responsibility for their own cloud security requirements.
According to Jay Heiser, research vice president with Stamford, Connecticut-based IT research firm Gartner Inc., enterprises that aren't intimately familiar with cloud security best practices may not realize when a cloud provider isn't acting in their best interest.
"What's happened is small service providers have done a bad job of protecting their customers' data," Heiser said. "I'm not aware of any weakness in [the providers'] technology or levels of service. It was the implementation."
In this interview, conducted at the 2014 Gartner Security & Risk Management Summit, Heiser discusses the specific mistakes cloud providers make, in particular poor stewardship of privileged access, that often result in successful attacks.
Heiser also explains that as a result of incidents such as these, enterprises are going to learn to better recognize where a cloud provider's security responsibilities end and theirs begin. However, that evolution will take time, he added, because cloud computing governance is poor in many organizations and that enables business units to engage in the use of cloud computing without proper security training or oversight.