As off-the-shelf cloud computing offerings from major IT providers become more commonplace in the market, more companies are looking to move various functions—including data processing, storage, and email—into the cloud. However, as noted by industry executives at the Cloud Security Alliance Summit last month, without clarity regarding data security and privacy oversight, certain industries, particularly those regulated by the federal government, have resisted moving to the cloud until IT providers are willing to take on certain oversight responsibilities.
According to IT security executives, well-drafted contracts for cloud services should include detailed descriptions of the parties’ duties. Agreements must be clear regarding which party is responsible for maintaining and sharing details on security incidents and authentication logs. These delineations are particularly important as companies seek to store data in secured cloud systems as a way to reduce the security threat to internal networks and systems.
Still, certain industries, including the financial services industry, have kept cloud providers at an arm’s length until these potential providers are willing to agree to more stringent security requirements and, more importantly, audit rights as required by federal regulations. With data breaches still common, cloud providers must continue to improve their security offerings and take on more obligations and risk before major industry players will seek out cloud computing resources.