Cool as McCumber

Lost in the cloud

But how does an organization looking at cloud computing deal with the elements of security? If your critical information is no longer maintained on your own servers and mainframes, and even the software to manipulate that data is off-site, how can you possibly ensure the confidentiality, integrity and availability of the data? Security managers can delegate many of the functions and protections to an off-site provider, but they can never offload the ultimate responsibility for data they maintain for their organization. If the data is corrupted, stolen, exposed or destroyed, we all know who is going to be held accountable.

The new "old cloud computing model" holds the promise of decreasing costs, more efficient data management and dramatically reduced costs associated with operating data centers and managing specialized IT personnel. For consumers, it's going to be an exciting new world of sleeker, multi-functional endpoint devices such as Apple's iPad. However, it is going to be a new challenge for security practitioners, as we can no longer rely on organizational boundary protection as a primary defensive tool. We will need to think more creatively to ensure we can control the relationship between users and the data we protect on their behalf.

John McCumber is a security and risk professional, and author of "Assessing and Managing Security Risk in IT Systems: A Structured Methodology," from Auerbach Publications. If you have a comment or question for him, e-mail