Air Date
October 21, 2020
Featured Guests
Stephen Anderson
Acting Deputy Assistant Secretary, International Communications and Information Policy, U.S. Department of State
Raj Nagaratnam, PH.D.
IBM Distinguished Engineer, CTO BM Cloud Security
Dan Mellen
Managing Director, Global Cloud Security Lead, Accenture Security
Ed Cabera
Chief Cybersecurity Officer, Trend Micro
Moderator
Vincent Voci
Vice President, Cyber Policy and Operations, U.S. Chamber of Commerce
However, despite cloud services increasing rapidly, there are still many misconceptions floating around today. To help educate and inform our audience, the Chamber of Commerce recently discussed cybersecurity for cloud services with several experts. Below are four takeaways from our panelist’s discussion.
International Governments Will Need to Work Together on Global Cybersecurity Issues
Stephen Anderson, Acting Deputy Assistant Secretary of International Communications and Information Policy for the United States Department of State, highlighted several geopolitical flashpoints about how cloud public policy frameworks are diverging and the risk for secure and trusted platforms. The availability of cloud computing has created tremendous economic growth opportunities but also increases the risks associated with untrusted providers. As we move forward with using cloud systems, we’re going to have to work with international governments to create a workable system of accountability.
This provides a great challenge, as policies around technology are different in China compared to those in Europe. We have to work together for the growth of the private sector while protecting our citizen's personal information and decreasing the risk of espionage.
“We urge all governments and businesses to conduct a thorough risk-based evaluation of their ICT [Information and Communication Technology] hardware and software service providers,” Anderson stated. “The [United States] government has taken numerous steps to address these concerns and to promote trust in the global ICT supply chain.”
A Common Misconception Is the Cloud Has More Data Breaches
Many users have an inherent distrust of the cloud. Because they cannot physically see the cloud, they believe it is more prone to data breaches.
According to Dan Mellen, Managing Director of Global Cloud Security Lead for Accenture Security, these breaches aren’t because of the technology but rather user error.
“We've seen that the incidents associated with the cloud have been misconfigurations tied to tenant activities,” Mellen said. “It's not necessarily more exposure or more accessibility driving more security events, but it's the tenants, the customers using cloud, misconfiguring the cloud services, and that resulting in data exposure.”
There’s Shared Responsibility Between Client and Provider
Not all cloud systems are the same. With this in mind, countries and businesses are going to have to think strategically as to how to enhance cybersecurity, as there is no one-size-fits-all solution. Sometimes it will involve having a closed certification system, and other times we'll need to raise global industry standards for cloud practices.
Raj Nagaratnam, IBM’s Distinguished Engineer of CTO BM Cloud Security, discussed the importance of cloud providers working with their partners, be it individual enterprise or banking, or governments in order to create a system that provides a constant set of standards.
“When it comes to cybersecurity and cloud, cooperation and standardization are key,” Nagaratnam said.
The Future of the Cloud Is Intertwined With AI
We're still a way away from cloud systems being standardized. And we're even further from functioning multi-cloud systems working together. But looking down the road, Nagaratnam predicts future cloud systems will accelerate business transformation and anchor edge computing and the internet of things while applying artificial intelligence.
“We see the future in terms of hybrid multi-cloud with the AI intertwined from a business transformation perspective,” Nagaratnam said. “Grounding that with a deep security and compliance, expertise, and controls that [are] automated, continuous and consistent is key.”
From the Series