Heavily regulated industries like banking and healthcare have been reluctant to make the virtualized leap to the cloud, fearing a loss of control could open them to unforeseen risk. Are their concerns unfounded?
"We shouldn't make the false choice between security and innovation," Federal CIO Steven VanRoekel says. "In fact, innovation can make us more secure as long as we build security into everything we do."
"Matching an implementation to the cloud definition can assist in evaluating the security properties of the cloud," says computer scientist Peter Mell, author of The NIST Definition of Cloud Computing.
The Department of Homeland Security is undertaking nine private and three public cloud computing initiatives, establishing private cloud services to manage sensitive but unclassified information while using the public cloud for non-sensitive data.
Ineffective or noncompliant security practices of service providers, the inability of customers to examine controls, the prospect of data leakage and the loss of data if a cloud service is terminated present challenges.
"With a company-issued device, you can issue a policy that says users have no rights of privacy over information on the device," says Javelin's Tom Wills. But with employee-owned devices? A whole new set of issues.
Information security poses a major challenge to the widespread adoption of cloud computing, yet the Cloud Security Alliance, an association of cloud stakeholders, sees the cloud as a provider of information security services.
Whether you're preparing for the upcoming HIPAA compliance audits, pondering a move to cloud computing or developing a social media policy, it pays to get privacy and security tips from experts in the field.
Cloud computing contracts often assign certain liabilities to the customer. That means healthcare organizations, in some cases, may need additional insurance coverage, warns consultant Gerard Nussbaum.
Before entering a contract with a cloud computing vendor, it pays to do your homework on key privacy and security issues, three experts advise. They suggest demanding transparency into the details of all cloud operations.