ISF Lists 'Seven Deadly Sins' of Cloud Computing
The Information Security Forum (ISF) has identified the "seven deadly sins" of cloud computing implementations in a new report, and has offered guidance on how to tackle them.
Tue, March 22, 2011
Computerworld UK — The Information Security Forum (ISF) has identified the "seven deadly sins" of cloud computing implementations in a new report, and has offered guidance on how to tackle them.
The 'Securing cloud computing: addressing the seven deadly sins' report aims to help organisations move quickly to developing business-oriented systems to securing cloud services.
The seven deadly sins outlined in the ISF report are:
-Ignorance - cloud services have little or no management knowledge or approval
-Ambiguity - contracts are agreed without authorisation, review or security requirements
-Doubt - there is little or no assurance regarding providers' security arrangements
-Trespass - failure to consider the legality of placing data in the cloud
-Disorder - failure to implement proper management of the classification, storage and destruction of data
-Conceit - belief that enterprise infrastructure is ready for the cloud when it's not
-Complacency - assuming 24/7 service availability
"While the cost and efficiency benefits of cloud computing services are clear, organisations cannot afford to delay getting to grips with information security implications," said Steve Durbin, ISF global vice president.
"With users signing up to new cloud services daily - often 'under the radar' - it's vital that organisations ensure their business is protected and not exposed to threats to information security, integrity, availability and confidentiality," said Durbin.
He said cloud service providers should be treated like other external suppliers, such as an outsourcer or offshore provider, and should be covered by the same form of contract.
In other recent cloud computing news, Intel (INTC) said (http://www.computerworlduk.com/news/security/3265286/intel-to-use-mcafee-technology-to-beef-up-cloud-security/) it will use assets acquired from McAfee to provide cloud security services to protect the growing number of mobile devices that face malware and cyberattack threats. Intel will first offer security products through software and services and later offer security features via hardware.