Security professionals must mitigate risks in the next generation of computing, according to the not-for-profit Information Security Forum (ISF) president and CEO, Prof. Howard Schmidt.
Researchers at the ISF say they have drawn on the knowledge and experiences of their more than 300 members to identify the risks posed by cloud computing and are now offering mitigation strategies.
"With the pace of interest and adoption of cloud computing services increasing, information risk and security professionals need to stay ahead of the curve to support their organisations," says Schmidt.
The ISF research focuses on what it sees as four major issues to ensure the confidentiality, integrity and availability of computing in the cloud: customer, connectivity, supplier and statutory.
"The research is designed to ensure that customers of cloud computing can make informed business decisions that include strong consideration of security processes to minimise exposing information and organisational systems to either increased or new risk," says Adrian Davis, senior research consultant at the ISF and author of a report on cloud computing, due to be published next month.
Many organisations see the attractions of cloud computing – from pay-as-you go pricing to avoiding the costs of developing and maintaining infrastructure, meeting peak demand quickly and flexibly, and greener computing, warns Schmidt. And therein lies the potential problem.
"While cloud computing discussions have been prominent, many of the technologies and services associated with it have been around for years and are now maturing and being implemented in new ways to provide dynamic, scalable and virtualized computing infrastructures, platforms and applications," he warns.
"As a leading independent authority in information security, it is vital that we cut through the hype and vendor claims to help ISF Members put the right controls and technologies in place to take full advantage of cloud computing, without putting their organisations at risk."