The cloud is secure enough for what it is used for, but more work needs to be done on cryptography and key management as “distributed computing” will stick.
Speaking on a panel at the Trust in the Digital World conference in Madrid, Steve Purser, head of operations at ENISA said that cloud is “secure enough but we need to do more work” to deal with modern risks.
He said: “The current state is that ENISA recommends critical infrastructure runs over traditional infrastructure at the moment, and one factor is availability, but this gets forgotten in the risk conversation.”
Panel chair Raj Samani, CTO of Intel Security and Cloud Security Alliance board member, claimed that the cloud is “not secure enough”, while participant David Barroso, CTO of Telefonica, claimed that it is “difficult to understand what the cloud is”, but there are many thoughts on security that need to be changed post Edward Snowden’s leaks.
Asked whose it is responsibility to drive frameworks for real time assurance, Barroso said that it was private industry, while Raul Riesco Granadino, cyber security excellence program manager at INCIBE said that the industry has already started with the Cloud Security Alliance and if you want to make a business, you have to know in terms of data, the threat and can control it.
Purser said: “Ressponsibility should not be alone with public sector, as there are somethings that industry cannot influence and there may not be business case, and public and private sectors may not work together hand in hand but the private industry has to play an important role here, as there is a limit to what they can achieve before the public sector steps in.
“We are too far along the road with the Internet of Things as it introduces a new level of risk and it is the responsibility of the public sector to point out what is happening.”
Asking if cloud computing is ubiqutous or a slowing businesses down, Barroso said that he thought it would grow and be cheaper to have servers in cloud, as there are power and scalability benefits, but there is a need to tackle the security layers
However Purser claimed that it will not survive and cloud is just another “latest thing”. He said that instead what will stick is distributed computing, but there will be a new term and said that the IT industry is good at naming, but there will be an evolution to exist in some form.