tISS: Data Security in the Cloud

Download the Output Report from this Corporate IT Forum Information Security Service (tISS) workshop attended by 22 delegates representing 18 organisations. Represented industries include chemical, county council, construction, finance, global engineering, government, logistics, market research, media, pharmaceuticals, publishing, transport and utilities.

Activity amongst corporate IT professionals repeatedly highlights the data challenges for enterprises using commercial cloud solutions. Cloud services appeal because they are cheap and quick to set up, however this ability to purchase IT services on a credit card and slip through the security net is exactly why information security professionals are concerned about the nature of company data being transferred to the cloud.

With cloud service providers themselves announcing that they wouldn't keep their sensitive data in the cloud, why on earth should they expect their customers to? The recently published Ponemon Institute report finds that most cloud service providers did not consider security as one of their most important responsibilities, instead passing the responsibility for the protection of sensitive information back to their customers.

The wealth of regulations and legislation concerning data can also be confusing, there is so much regulation in place now that organisations spend their whole time spinning plates, following regulations to prevent costly fines rather than focusing on understanding and managing their risks.

This report strips back the hype of cloud computing to look closely at the issue of the value of company and personal information and how it is handled, and recognises the need to approach cloud service providers with their needs if anything other than non-sensitive data is to be kept in the cloud.