Google Enterprise's security director Eran Feigenbaum has urged CIOs to strike iron-clad contracts to ensure their applications remain secure in the cloud.
Speaking with iTnews at the Australian Information Security Association (AISA) Conference in Sydney last week, Feigenbaum argued that cloud environments tended to be inherently more secure than in-house infrastructure.
Feigenbaum said major cloud players had the resources and the security staff to fend off traditional cyber threats.
“The thing to remember,” he said, “is not all cloud vendors are created equal.
“We have the 300 security staff, which is more than most government agencies, as well as the resources to invest in security innovation.”
Feigenbaum said CIOs contemplating a move to the cloud needed to ask incisive questions of their potential providers, including whether they were ISO or SOC2 certified and whether that certification was recent and audited.
“The other key question a CIO must ask is about transparency,” he said. “If there is a security breach, will they inform you it has happened and what has been done about it?”
CIOs also needed to have iron-clad contracts with their provider, he said, with contracts outlining who would be responsible in the event of a data breach, and whether financial penalties would be paid.
“This is where it pays to deal with a large vendor,” he said. “They’re not going to go anywhere. A small provider can simply shut up shop.”