Cloud Security Is About Confidentiality, Integrity And Availability

It has been reported this week in the German media that EU Digital Agenda Commissioner Neelie Kroes is calling for uniform rules for more legal security and privacy for cloud users.

I think that businesses will all agree with EU Digital Commissioner Neelie Kroes when she says that the cloud should be more secure with uniform implementation for security and privacy. But like the recent Cookie initiatives, the comments about managing ‘your cloud’ and personal privacy, will have little effect on the individual, but put increasing burden on businesses to demonstrate controls.

Controls that in many cases are less than those implemented already. Or controls that the individual just simply ignores – who isn’t already immune to the little pop-up about cookies?

Whilst I welcome any initiatives that take a lead in promoting information security and the Commission is leading the way in this, you cannot address the cloud in isolation – it involves privacy, liability and transparency, all of which impact the individual as well as the business providing the service.

Most individuals are not aware of the issues and not concerned until something goes wrong. This situation should not continue, but the Commission needs to look across a broader set of issues and not simply a new way of providing services – cloud.

The assumption that ‘my data is secure’, should be reinforced through the cloud provider being able to clearly demonstrate the core principles of information security – namely Confidentiality, Integrity and Availability. This involves more than putting regulations on cloud providers, but a wholesale review of how data and personal information is managed and secured in the 21st Century, where I can access commercially sensitive information from any device at anytime from anywhere.

Equally my data can be located anywhere on any device. If a business can clearly demonstrate that the information is protected to an agreed level, why does it matter where it is stored? Whilst the EU wants to promote European businesses, restricting business practice will stifle innovation and limit competitive advantage.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Garry Sidaway is Global Director of Security Strategy at NTT Com Security (formerly Integralis), the global information security and risk management organisation, where he works with global enterprise customers to help them address the challenges of embedding information security and risk management into the security fabric of their business.