The Technocracy Is Over

It was standing room only at CompTIA’s Tech Summit last Thursday in Washington, D.C., as channel members, business owners and reporters crowded into the Washington Hilton for a Q&A and panel discussion around two topics: cloud computing and mobility.

We’re used to hearing about the efficient and cost-effective features of the cloud but the first panel discussion, Security & Cloud Migration Challenges for Business and Government, focused on the darker side— What security questions are created by the cloud and shared services?  What are the best ways to mitigate them?

Scott Crenshaw, vice president,Cloud Business Unit, Red Hat, believes that although the cloud is no less secure than traditional enterprise IT, the risks of general IT are better understood and were traditionally managed by an organization’s IT department.  Now that end-users are more directly engaged, it requires a change in the things they need to know.  Many companies are putting data into the cloud without a clear idea of the risks and without any formal change in IT policy.

Ellen Rubin, founder of CloudSwitch, says that giving cloud access to partners, providers, consultants, even employees can be risky without limits and policies.  People in the enterprise lack knowledge over what cloud has and doesn’t have and most of their information comes from vendor pitches.  Companies need to set guidelines and permissions based on real experience and training.

According to Ron Culler, CTO, Secure Designs Inc., companies need to ask questions of the provider and understand where their data is. Is it stored in the U.S.? Is it a private or public cloud? How easily can you extract untouched data (for legal, etc.) and maintain its integrity?  What is the provider doing to withstand attacks or breaches of their customers systems?  Control of data, understanding of systems, user training and guidelines are key to a secure cloud presence.

The next session, Cybersecurity in the Age of Mobility, tackled the age-old question of how to embrace and utilize innovation in mobile devices while protecting business and consumer data.

According to Brian Contos, director of global security and risk management at McAfee, “the technocracy is over.”  Consumerization of IT has blurred the lines between work and home devices, creating complicated questions about ownership and ethics.  How can companies manage data once it leaves their location?  What is the responsibility of the end-user?  Can devices be used differently in different places?

Andrew Hoog, chief investigative officer, viaForensics, believes that mobile is changing so rapidly, security has been a secondary concern.  Still, simple steps like storing less data on the device, installing an app to remotely wipe the device, even after it has left the corporate network, limiting data access to the internal network and end-user training all can go a long way.

Allan Friedman, research director, Center for Technology Innovation at The Brookings Institution, discussed the important role policymakers have in dictating security policy and the responsibility that comes along with it.  Friedman cautions against lumping “security legislation” under one umbrella, as different threats that require different solutions.