L'emploi du cloud-computing ouvre la voie à de nombreux cauchemars quant à la sécurité du SI, malgré les discours rassurants des fournisseurs. Le Jericho Forum vient de publier un document explosif.
Businesses installing cloud computing environments risk opening a "Pandora's Box of security nightmares", according to independent security group the Jericho Forum.
The Forum has Friday launched a document aimed at educating businesses about the security risks associated with moving to a cloud computing model. It described the paper as a "work in progress" and has called on key stakeholders, including end users and vendors, to work with them to establish best practices for securing collaboration in the cloud.
The paper details a Cloud Cube Model that describes various types of cloud computing environments, and the associated security issues.
According to Jericho, security, identity and access management are currently immature in the cloud computing setting, especially when it comes to collaboration between enterprises.
"The cloud approach to organising business can be both more secure and more efficient than the old-style silo structure," said Adrian Seccombe, chief information security officer at pharmaceuticals firm Eli Lilly and Jericho Forum board member.
"On the one hand cloud computing offers a compelling opportunity to achieve a more effective solution, do more with less, and deliver cost savings coupled with extreme flexibility and scalability. Viewed from a different perspective it opens a potential Pandora's Box of security nightmares, not least of which is loss of data confidentiality and integrity."
But the Forum said cloud computing could become more secure than traditional environments if the right controls are put in place.
"In fact, a pure cloud model really can make the user king, providing him with ultimate flexibility. But reaching that pure level is not easy. It's essential to get the foundations right and for each business to develop a cloud model that enables consumerisation, drives down cost and reduces risk," said Seccombe.
The model defines four criteria by which to measure types of clouds: whether it is internal or external; proprietary or open; insourced or outsourced; and whether it has a security perimeter or not.
Companies are advised to first classify their data according to sensitivity and regulatory or compliance restrictions, before deciding which data and processes to move to the cloud and which cloud models to adopt.
toute l'actualité "International"
Chiffres-clés
Evènements
Comment percevez-vous le DSI de transition comme Philippe Tassin interviewé dans CIO.PDF 15 ?
