#DSCloud16: Balancing business and security when moving to the cloud
15 June 2016 |
Balancing functionality and information security can be a tricky business for firms looking to move to the cloud.
When asked who had complete confidence in their cloud security, nearly no conference delegates raised their hands, illustrating why this is such a key point for discussion.
Nick Bleech, head of information security at Travis Perkins, said: "Two words sum up the problem, and those are 'risk appetite'... There is an awful lot of technology around but the reality is it is still someone else's computer."
Because of this, there is often conflict between different parts of organisations with different priorities when it comes to cloud security.
Roulla Williams, chief technology officer at Paratus, said: “The fact is you always have [those who want] revenue and profit knocking heads with [those concerned with the] risk appetite.”
She said the key to a successful strategy is to get these two groups together and speaking a common language to decide exactly what is acceptable and how the data in the cloud is going to remain secure.
Then it is a matter of getting transparency and information from suppliers in order to trust them with that data – a process that is often an issue when providers are on their guard about exactly how their services work.
“The responsibility lies with us and the service provider,” Williams said. “So trust is very important and it is important to work together.”
According to Frank Jennings, a partner at Wallace, organisations need to look carefully at the small print offered by suppliers to make sure it backs up promises made about security.
“There is no reason why you cannot get a perfectly good cloud service and there are some very good ones out there,” he said. “It is just a shame that when you get the contract you often do not get that legal reassurance, and as a customer ultimately the buck stops with you.”
With larger fines on the horizon from the EU’s General Data Protection Regulation, he advised delegates that now is the time to make sure their cloud contracts are in order.