All the latest UK technology news, reviews and analysis
|
|
|
30 Jun 2011
Technology giant HP has said that the security of cloud products is no match for on-premise systems, due to the risk hacking poses to data stored online.
The director of cloud and security at HP Labs, Martin Sadler, said while cloud access made people's lives easier, it came with a number of risks. He added that accusations levelled at cloud technology were not without merit.
"The cloud makes it easier for hackers as there is lots more information for them to get their hands on," he said at an event in London on Wednesday.
"The press portray the cloud as more complex, harder to handle and less secure and it is a difficult environment to get your head around because you don't control everything yourself."
HP chief technologist for enterprise services, Sukhi Gill, added that the push to the cloud meant IT staff needed to enhance their legal skills to raise awareness of the fact data is stored in different countries and subject to different laws.
"IT needs to better understand this journey to cloud computing. Putting together shared infrastructure is difficult for a chief information officer," Gill said.
"We see a maturing of skills in the IT shop, becoming more legal than tech savvy. IT professionals need a more rounded understanding of the market."
Gill said in order to make way for legal skills in IT departments, more technology should be outsourced so staff can monitor the performance of these services, but he noted that IT staff often struggle to let go.
"Everyone maintaining these technologies spends their time validating what outsourcing companies are doing and inspecting the hardware, rather than just monitoring service level agreements," he said.
The issue of legal awareness is likely to grow in time, particularly in the European Union (EU) after the European Commission announced it wants to make data breach notifications mandatory for all businesses.
Despite the concerns raised by HP, the firm offers a number of cloud products. It recently updated its network management software to offer cloud control access and used technology from its 3Par acquisition to push data storage offerings to the cloud.
Latest stories from Software
Related videos
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
V3 examines the key strengths and weaknesses of Samsung's latest iPhone killer
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
Ihre Aufgaben Sie sind zuständig für die Beratung...
***MS Visual Basic Programmierer mit Oracle DB-Erfahrung...
IT Business Analyst Location: London, but...
Senior Software Developer Company overview...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Board Member of the Cloud Industry Forum
Articles such as this pose to confuse customers to the realities of cloud solutions. Here we have a cloud committed brand name vendor who in one hand is promoting cloud solutions to its customers and on the other here is advocating the risks. Promoting that by definition cloud makes it easier for hackers is too broad a statement. If incorrectly implemented a cloud solution could of course pose a security risk, but for the greater part of the market, smaller organisations will find that a robust and well chosen cloud provider will be able to utilise greater security regimes and technologies to secure their cloud service than the individual small organisation could ever afford or architect. All solutions have a risk associated, usually balanced to the price point concerned. What cloud vendors can bring to the party is a greater level of efficacy and expertise at a rate affordable to the masses. What is needed for users are simpler ways to compare cloud services, more trusted advisor and independent sources to truly advise on ensuring a safe cloud choice is made. This is no different when choosing on network solutions where the customer could not only make a poor technology selection for their needs, but also risks the implementation or lack of up to date on-going upgrades also putting them at the risk of a security breach. Cloud should be considered like all solutions, for its own merits and involving the relevant diligence. The Cloud Industry Forum (CIF) is contributing to this by providing an independent source and certification for cloud providers to enable end customers to better identify and contrast the cloud providers available in the market in a consistent and open information format.
Posted by: Ian Moyse 06 Jul 2011
Information Security Consultant
I do agree. Many organisations are not performing true risk assessments. Instead they are being driven by a moderate savings identified in a cost / benefits analysis. I outline some of the risks associated with cloud that should be considered: •Lack of transparency about the level of security and the means of deployment, •Differing employment laws in differing countries, •Criminals following the most lucrative markets, •Increased / unknown Administrative access to systems, •Lack of visibility of user access, •Lack of visibility of security incidents, •Risk of collateral damage from attacks on other tenants, •Differing disclosure laws conflicting with differing privacy laws in different countries, •Lock in and lack of flexibility once entered into contract, •Providers ability to change service without consultation or risk assessment, •On an international level, have any of the authorities and regulatory bodies considered the commercial impact of a major compromise on one of the big cloud players.
Posted by: Hugh 30 Jun 2011