7 deadly sins of cloud computing

By Antony Savvas, Computerworld UK |  Security 2 comments

March 22, 2011, 1:44 PM The Information Security Forum (ISF) has identified the "seven deadly sins" of cloud computing implementations in a new report, and has offered guidance on how to tackle them.

The 'Securing cloud computing: addressing the seven deadly sins' report aims to help organisations move quickly to developing business-oriented systems to securing cloud services.

The seven deadly sins outlined in the ISF report are:

-Ignorance - cloud services have little or no management knowledge or approval

-Ambiguity - contracts are agreed without authorisation, review or security requirements

-Doubt - there is little or no assurance regarding providers' security arrangements

-Trespass - failure to consider the legality of placing data in the cloud

-Disorder - failure to implement proper management of the classification, storage and destruction of data

-Conceit - belief that enterprise infrastructure is ready for the cloud when it's not

-Complacency - assuming 24/7 service availability

"While the cost and efficiency benefits of cloud computing services are clear, organisations cannot afford to delay getting to grips with information security implications," said Steve Durbin, ISF global vice president.

"With users signing up to new cloud services daily - often 'under the radar' - it's vital that organisations ensure their business is protected and not exposed to threats to information security, integrity, availability and confidentiality," said Durbin.

He said cloud service providers should be treated like other external suppliers, such as an outsourcer or offshore provider, and should be covered by the same form of contract.

In other recent cloud computing news, Intel said (http://www.computerworlduk.com/news/security/3265286/intel-to-use-mcafee...) it will use assets acquired from McAfee to provide cloud security services to protect the growing number of mobile devices that face malware and cyberattack threats. Intel will first offer security products through software and services and later offer security features via hardware.


Originally published on Computerworld UK |  Click here to read the original story.

2 comments

    Anonymous 47 weeks ago
    Cloud ComputingI guess security is the biggest issue for Cloud Computing and the only solution is to choose the most reputable provider.BTW, Great article. What about The Ten Commandments of Cloud Computing?
    Flag comment  |  Permalink Reply
    Anonymous 48 weeks ago
    You mention the report and outline its contents which is nice. However unless I'm missing something, you don't provide any links to find the report, or even to the organization that produced it.I guess I'm off on a treasure hunt now . . .
    Flag comment  |  Permalink Reply

      Add a comment

      Post a comment using one of these accounts
      Or join now
      At least 6 characters

      Note: Comment will appear soon after you have activated your account.
      Obscene/spam comments will be removed and accounts suspended.
      The information you submit is subject to our Privacy Policy and Terms of Service.

      ITworld LIVE

      SecurityWhite Papers & Webcasts

      White Paper

      Expert Guide to Secure Your Active Directory

      Layered security is the way to go when it comes to protecting Active Directory. This expert e-guide explains the best method to use when planning and designing a security solution. Find out why it is important to secure Group Policy settings and discover how managed service accounts boost server security in R2.

      Webcast On Demand

      Virtualization KnowledgeVault

      The resources in this Virtualization KnowledgeVault provide expert advice. You don't have to go it alone - take advantage of all the assets in this KnowledgeVault that will give you the expert help you need.

      Sponsor: Dell

      White Paper

      Overcome Top 7 Admin Challenges of Active Directory

      As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable, enforceable processes that reduces administrative overhead and enables robust, customizable reporting and auditing capabilities. Brought to you by NetIQ.

      White Paper

      Insiders Can Ruin Your Company. Take Action.

      Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in organizations worldwide. This white paper from NetIQ, discusses key technology solutions that help to prevent and detect insider threats.

      White Paper

      Top Solutions and Tools to Prevent Devastating Malware

      Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring (FIM) tools that provide immediate alerts. This white paper has been brought to you by NetIQ, the leader in solving complex IT challenges.

      See more White Papers | Webcasts

      Answers - Powered by ITworld

      ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

      Join Now

      New questions

      Why would Microsoft release Office for the iPad?
      0 answers
      After an admin installed software that I know nothing about, what can I do to ensure it is secure?
      0 answers
      Why did Pinterest suddenly become the "hot new thing"?
      0 answers
      How do you define HYBRID cloud computing?
      0 answers
      What do you think about the Samsung Galaxy Note, step forward or step back?
      2 answers
      View more questions

      Ask a question

      Join Now or Sign In to ask a question.
      Ask a Question