A new report from independent information security body, the Information Security Forum (ISF), identifies ‘seven deadly sins’ of cloud computing implementation and offers guidance on how to tackle them.
The aim of the new report – Securing cloud computing: addressing the seven deadly sins – is to help organisations move quickly to developing practical, business-oriented solutions to securing cloud services, drawing from insight from the ISF’s global Membership.
The seven deadly sins outlined in the ISF report are:
- Ignorance – cloud services have little or no management knowledge or approval
- Ambiguity – contracts are agreed without authorisation, review or security requirements
- Doubt – there is little or no assurance regarding providers’ security arrangements
- Trespass – failure to consider the legality of placing data in the cloud
- Disorder – failure to implement proper management of the classification, storage and destruction of data
- Conceit – belief that enterprise infrastructure is ready for the cloud when it’s not
- Complacency – assuming 24/7 service availability.
“While the cost and efficiency benefits of cloud computing services are clear, organisations cannot afford to delay getting to grips with their information security implications,” says Steve Durbin, ISF Global Vice President. “With users signing up to new cloud services daily – often ‘under the radar’ – it’s vital that organisations ensure their business is protected and not exposed to threats to information security, integrity, availability and confidentiality.
“As our report makes clear, we recommend that cloud service providers are treated like other external suppliers, such as an outsourcer or offshore provider, and should be covered by the same form of contract’”, adds Durbin.
An executive summary of the new report is available from https://www.securityforum.org/about/sampledocuments/publicdownloadcloud/ while the full report – available only to ISF Members – offers more detailed practical guidance in the form of a checklist of actions and a set of common baseline arrangements that organisations can use to secure cloud services. The ISF also offers Members an external supplier assessment tool, which enables organisations to assess and record the maturity level of individual suppliers.