Ignorance and Ambiguity are among the seven deadly sins of cloud computing, according to the Information Security Forum’s (ISF) report looking at the implementation of and guidance for this technology.
Securing cloud computing: addressing the seven deadly sins aims to help organisations move quickly to develop practical, business-oriented solutions to secure cloud services, drawing from insight from the ISF’s global Membership.
Ignorance – cloud services having little or no management knowledge or approval; ambiguity – contracts are agreed without authorisation, review or security requirements; doubt – little or no assurance when it comes to providers’ security arrangements; trespass – failure to consider the legality of placing data in the cloud; disorder – failure to implement proper management of the classification, storage and destruction of data; conceit – belief that enterprise infrastructure is ready for the cloud when it’s not; and complacency – assuming 24/7 service availability, are the seven sins.
“While the cost and efficiency benefits of cloud computing services are clear, organisations cannot afford to delay getting to grips with their information security implications,” commented Steve Durbin, ISF global vice president. “With users signing up to new cloud services daily – often ‘under the radar’ – it’s vital that organisations ensure their business is protected and not exposed to threats to information security, integrity, availability and confidentiality.”
The ISF recommends that cloud service providers are treated like other external suppliers, such as an outsourcer or offshore provider, and be covered by the same form of contract.
The report is available to ISF members, although an executive summary is available here.
Latest News
Creating value together: Strategic partnerships in the age of GCCs
As Global Capability Centres reshape the financial services landscape, one question stands out: how do leading banks balance in-house innovation with strategic partnerships to drive real transformation?
Data trust in the AI era: Building customer confidence through responsible banking
In the second episode of FStech’s three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech examines the critical relationship between data trust, transparency, and responsible AI implementation in financial services.
Banking's GenAI evolution: Beyond the hype, building the future
In the first episode of a three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech explores how financial institutions can navigate the transformative potential of Generative AI while building lasting foundations for innovation.
Beyond compliance: Building unshakeable operational resilience in financial services
In today's rapidly evolving financial landscape, operational resilience has become a critical focus for institutions worldwide. As regulatory requirements grow more complex and cyber threats, particularly ransomware, become increasingly sophisticated, financial services providers must adapt and strengthen their defences. The intersection of compliance, technology, and security presents both challenges and opportunities.
© 2019 Perspective Publishing Privacy & Cookies
Recent Stories