As cloud services gain traction in mainstream business settings, securing these virtual environments has become more important than ever. However, panelists at the Cloud Security Alliance Congress suggested that placing legal departments front and center of this risk management task could be a mistake. According to Network World, former eBay CISO Dave Cullinane explained in his keynote that lawyers are concerned about sharing information regarding security breaches with IT departments, but hackers have started to collaborate better than the businesses they are attacking.
Cullinane told the crowd that lawyers tell security executives they shouldn't share information because they don't know where it will go, but he finds this ironic, since attackers are working on ways to improve their ability to attack the bigger corporate targets at these companies, according to the news source. He believes this needs to change, and that information needs to be anonymized to better encourage information-sharing and security.
Network World said the reality is that even smaller business operations are living in a threat landscape that has now gone global. Cullinane said that when he left eBay, there were many attacks coming in through the cloud, including malware and denial-of-service attacks that were hitting servers stationed across multiple countries.
In another speech at this event, a security expert said victimized companies are being "hunted" by cybercrime units in Asia and Eastern Europe. He suggested that IT professionals are going to have to work harder than ever to explain to lawyers and the legal department what threats they are facing.
Where the standards stand
Mark Radcliffe, senior partner at law firm DLA Piper, told the Christian Science Monitor that the problem with cloud computing is that many servers are based in different geographic areas, and there are not as many realistic assumptions as there should be about what the cloud will bring to the table business-wise. He said the industry is currently like the "wild west," as heterogeneous standards and regulations breed confusion.
"Why? Who knows where the servers really sit?" the news source asked. "They may be in the United States, governed by American laws. Or they may be across the pond in Europe, where there are rather stringent privacy rules. Regardless of where the company is based, the location of the servers determines in some large part who can legally gain access to the content on them and how."
This is an area of cloud computing security where legal counsel should, instead of impeding progress, step in and help their companies make better, more educated decisions about how security should work.
Cloud Security News from SimplySecurity.com by Trend Micro