Computing podcast: Is your enterprise cloud really as secure as you think?

Business users of the cloud share a misunderstanding of their responsibility when it comes to security, agree representatives of Computing, Cisco and Equilibrium Security Services

Many organisations are moving apps and services to the cloud, but there is a fundamental misunderstanding of the security implications, according to guests on a recent Computing podcast.

"Because we [in the IT industry] are using cloud providers, we have a shared responsibility and risk," said Yves Mertens, director of cyber security for EMEA at Cisco. "It's not [that], because you are defining an environment as a customer in the cloud, that you don't have any responsibility any more for what hackers are doing… There needs to be firm education on what people can do and may do."

Anish Chauhan, owner and director of Equilibrium Security Services, said, "There is an enormous wave of belief that the cloud offering...means that the security of that information is being processed and being taken care of, but in actual fact that couldn't be further from the truth.

"There was a phrase a few years ago that I think is still relevant: ‘There's no such thing as a cloud, per se; it's just someone else's computer’. You wouldn't really relinquish all your responsibility for information on the computer just because it's in someone else's possession."

This also touches on the topic of GDPR - subject of another recent Computing podcast - under which both data controllers (owners) and processors (such as cloud providers) share responsibility for data security. The relevant part of the ICO definition is replicated below:

‘If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach.

‘However, if you are a controller, you are not relieved of your obligations where a processor is involved - the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.’

For more about cloud security - including what to do if you are the victim of ransomware and an exhaustive discussion about Office 365 - listen now using the link above.