Cloud Services Force You to Reconsider Your Risk Model
- With business groups launching and using cloud-based services, IT is no longer the gating factor for IT infrastructure.
- Risks change, but whether it’s in the cloud or on premises, you still have to encrypt data, only give access to those who need it, and make sure nobody can break in.
“It’s not even a question of controlling access. It’s a question of knowing what’s happening.”
Moving IT assets into the cloud creates new security challenges, but what is the exact nature of those challenges, and how do you best manage them?
“I don’t see this as a new security problem. I see this as a governance problem,” says Javed Ikbal. He compares it to the earlier days of mainframe computing when people logged in at a terminal, did their work, and got billed by the hour or minute. The mainframe itself may have been located far away and shared by other users. This model mostly went away when with the arrival of powerful desktop computers.