Industry needs to come clean on cloud security: Trend Micro

A leading security expert has warned of widespread data theft as more and more organisations move their information into the cloud, and urged firms to consider data encryption by key management as the only viable way to mitigate this risk.

Speaking to VNU as part of its Information Overload Summit, Dave Rand, chief technology officer of Trend Micro, argued that IT teams want to move to cloud computing because of the cost savings, but are put off by the lack of data protection assurance offered by any of the major cloud providers.

"Most cloud service providers don't have any data backup strategy; there are no adequate security measures recording who's accessing the data, and the reason is the effect on performance," he explained.

"In the next few years there will be a move towards controlling the data itself or keeping it secure by default – encrypting it by key management at the point of production and decrypting it at the point of consumption."

However, real-time data encryption and key management is no panacea, Rand warned, as it can be open to data being "snooped in-flight", and if organisations lose their keys, any data would be irretrievable.

"The IT security industry needs to own up and say it doesn't have all the answers – but with the emergence of the cloud we have to come to a conclusion," said Rand.

"Between now and widespread adoption, we will see massive data theft occurring as people move into the cloud. There will be repeated issues of data going astray, and when it occurs people will get fired and they will be yelling, and then they'll finally realise it's not just protecting the integrity of the system that matters, but the data."

Howard Schmidt, president of the Information Security Forum and former White House cyber security adviser, argued that strong authentication, as well as encryption of data in transit and at rest, are essential to securing cloud environments.

However, he said that most cloud providers are already listening to and working on customers' requests for this kind of functionality to be built into their environments.