The move to the cloud has disrupted traditional computing architectures, that much most people can agree on. But beyond that there's no consensus as to whether the cloud has increased or decreased security risks, which makes the job of enterprise IT pros tough. Do they recommend corporate data or functions be moved to the cloud, or not?
Pete Lindstrom explains why the question "Does the cloud make you more secure?" can't be answered with a simple yes or no: It's because the answer is not the same for everyone.
Instead, as an IT pro you must weigh many factors before you have the right answer for your enterprise. These factors include whether, and how, your technical architecture might change because of the cloud and whether that, in turn, would it make you more or less vulnerable to attack. How would your pool of users accessing corporate data change? Will your data in the cloud look more appealing and profitable to attackers, or less? These and many other evaluative questions must be considered before you decide whether a move to the cloud makes sense.
The outline that Lindstrom offers includes simple equations to speed your evaluation. He also peppers his talk with other actionable advice—suggesting, for instance, you first move special-purpose and non-core functions with mobile users to the cloud. He also outlines where to fortify defenses (and makes a strong plea for extensive encryption).
This presentation is just what chief information security officers, and other corporate personnel, need before a decision about moving corporate data to the cloud is made.
About the speaker:
Pete Lindstrom, CISSP, is research director for Spire Security, a firm providing analysis and research in the information security field. He has held similar industry analyst positions at Burton Group and Hurwitz Group. He has worked as deputy to the CISO for Wyeth Pharmaceuticals and honed his finance and technology skills in the United States Marine Corps. He holds a finance degree from the University of Notre Dame.