Government and IT specialists may change cloud governance

That's among top findings from a study focused on the public sector, by systems giant CSC, that sheds light on a possible future for the private sector and manufacturing. It shows that users are open to sharing sensitive activities in the cloud, as long as parties involved share similar characteristics and have the same approaches to security. Interestingly, however, the research also reveals that the main barrier to adopting cloud services is the different approaches to IT security across users – although it also shows that there is still confusion about the cloud. That said, Ron Knode, CSC's director for global security solutions, suggests that enthusiasm to find a middle ground on governance was demonstrated by the majority of respondents (65%) being willing to share SOC (Security Operations Centre) services, as an interim measure to build trust. He points out that respondents also said that a reduction in the number of audit events to be monitored – along with a revision to internal governance, risk and compliance policies and processes – were the two most important compromises when migrating to cloud services. "The most startling discovery in the survey is that the public sector is flexible and willing to look at alternative approaches to certain aspects of security, and develop stepping stones towards using shared services," comments Knode. "Previously, nobody was willing to do this – departments had their rules and that was that. Now suddenly, people are indicating that 'if you're a lot like me,' maybe they can come together with an altered set of governance processes and decision-making criteria." The report, entitled 'Shared Services: A perfect storm of opportunity', was authored by CSC with support from UK government body CESG (Communications-Electronics Security Group), the information assurance arm of GCHQ. Respondents included 200 senior security and IT experts, working across central and local government and their suppliers, who attended the Government's Information Assurance event, IA10, last September.