Misconceptions abound regarding the approach enterprise information security
professionals must take in order to successfully address cloud computing security risks in their
organizations. It's unfortunate when those misconceptions are perpetuated, even inadvertently.
Highlighting the long and distinguished history of ADP as a cloud services provider, LaRosa
discussed how the vendor not only processes the payroll of one of out every six Americans and
transfers $1.4 trillion annually, but also manages medical records, retirement and flexible
spending accounts, human resources data, and tax filings -- in addition to providing a variety of
hosted software products. Even though they never realize it, he said, the company provides
essential services for millions of Americans via the cloud.
He also noted how even the U.S. government's rapidly increasing use of cloud computing has
resulted in several cloud computing providers' infrastructures being deemed critical national
infrastructures, meaning that their incapacitation or destruction, to borrow the bleak assessment
of the U.S. Department of Homeland Security, "would have a debilitating effect on security,
national economic security, national public health or safety, or any combination thereof."
Without even knowing it, the general public has silently accepted cloud computing as a necessary
and essential part of everyday life, yet according to LaRosa, many information security
practitioners struggle to understand why businesses are adopting the cloud.
"If all of us by default have this level of trust in the cloud, why are we so uncomfortable when
the business units come to us and say, 'I'm going to put this data out in the cloud'?" asked
LaRosa. As he sees it, even though society has already come to trust the cloud tacitly, security
pros still "push back" against enterprise cloud computing initiatives.
Continue Reading..by