ISC West 2011ISC West panel to focus on cloud computing security threats

As businesses increasingly turn to cloud computing solutions, security professionals have become concerned with the challenges of securing data that is stored off-site in light of growing numbers of cyber security attacks.

Unlike existing servers where data and processes are stored in proprietary systems, cloud computing relies upon the servers and security of a third party provider.

While cloud networks offer smaller businesses low cost technology solutions and remote access to data anywhere, this also leaves data beyond a company’s span of control.

To discuss cyber security on cloud computing networks, a panel at the upcoming ISC West conference will focus on security solutions and risk management plans.

The panel will feature Jon Herlocker, the chief technology officer of EMC Mozy Cloud Services, Brian Lohse, director of business development with Secure-i Inc, and Josh Gervey, a managing consultant with CompuCom.

Transitioning to cloud computing systems carries several hidden security threats.

In particular, using cloud networks places the data of smaller organizations in the same system as that of larger more high profile organizations that may be the target of cyber attacks. As a result, all other data on the network could become collateral damage or be used as a point of entry for hackers gunning for bigger companies.

With network providers controlling all the data and handling security, partnership and communication becomes a critical element to protecting data.

To that end, Microsoft, a large advocate for cloud computing, has argued that with cloud computing, vendors are ultimately responsible for establishing trust and proving that their cloud networks are secure.

Adrienne Hall, general manager of Microsoft’s Trustworthy Computing group, said the transition to cloud computing is “as big a shift for IT as the shift from mainframes to computers” and that “a key element is trust” in winning over skeptical businesses.

To prove its reliability, Microsoft has transparently assured companies that its infrastructure is up to date and secure by posting its certifications and accreditations that undergo regular audits by independent organizations.

Additionally Microsoft says it lays out all of its data handling procedures in service agreements.

The company also encrypts all of its data and scans for cyber threats daily.

“If there’s some sort of new threat, by scanning daily we have systems that can alert us,” Hall said.

The ISC West panel will be held on 6 April 2011 and covers four key points: “[describing] security standards and how they apply to decisions made for storage security; the three security advantages and disadvantages of storing data off-site; [assessing] the competency of cloud service providers on the market from a security perspective; and [constructing] a defensible story to demonstrate risks and benefits of off-site storage to end-users.”

The panel is part of the ISC West Conference and Expo held in Las Vegas from 6 April to 8 April. The event is one of the largest expos for security professionals in the world and is expected to attract more than 23,000 people and 900 manufacturers.