Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
A leading security expert has warned of widespread data theft as more and more organisations move their information into the cloud, and urged firms to consider data encryption by key management as the only viable way to mitigate this risk.
Speaking to VNU as part of its Information Overload Summit, Dave Rand, chief technology officer of Trend Micro, argued that IT teams want to move to cloud computing because of the cost savings, but are put off by the lack of data protection assurance offered by any of the major cloud providers.
"Most cloud service providers don't have any data backup strategy; there are no adequate security measures recording who's accessing the data, and the reason is the effect on performance," he explained.
"In the next few years there will be a move towards controlling the data itself or keeping it secure by default – encrypting it by key management at the point of production and decrypting it at the point of consumption."
However, real-time data encryption and key management is no panacea, Rand warned, as it can be open to data being "snooped in-flight", and if organisations lose their keys, any data would be irretrievable.
"The IT security industry needs to own up and say it doesn't have all the answers – but with the emergence of the cloud we have to come to a conclusion," said Rand.
"Between now and widespread adoption, we will see massive data theft occurring as people move into the cloud. There will be repeated issues of data going astray, and when it occurs people will get fired and they will be yelling, and then they'll finally realise it's not just protecting the integrity of the system that matters, but the data."
Howard Schmidt, president of the Information Security Forum and former White House cyber security adviser, argued that strong authentication, as well as encryption of data in transit and at rest, are essential to securing cloud environments.
However, he said that most cloud providers are already listening to and working on customers' requests for this kind of functionality to be built into their environments.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.