Is the cloud more or less secure than traditional IT infrastructure?
That’s a question that Jim Reavis, Co-Founder and Executive Director of the Cloud Security Alliance (CSA), discussed during a keynote session at the SecTor security conference.
“It’s not like we think that any outsourced cloud provider is less secure than our own infrastructure,” Reavis said. “It’s just that we don’t have the same transparency.”
The CSA is a non-profit organization with some 39,000 members worldwide and a focus on research, certification and building awareness. Reavis noted that it has taken almost 25 years to get a handle on PC security and he doesn’t want it to take that long for the cloud.
“The informed consumer is a missing component in making cloud providers more transparent in terms of what they are doing,” Reavis said. “That is the only way we’d be able to know and provide assurance that that appropriate service is being delivered.”
Reavis argued that there needs to be a mindset that consumers have a right to know what cloud providers are doing. He stressed that it’s also something that all cloud users need to ask for.
“We can’t do it as individual companies, where we have less and less ability to influence a cloud provider,” Reavis said. “So we have to work together.”