Dave Asprey, VP Cloud Security at Trend Micro, talked at length about the changing landscape of mobile devices and the integration of consumer-based products into the workplace. Inevitably, he said, new consumer technology spreads to the office, where it can become a challenge for IT, particularly in relation to security. The problem, he noted, isn't just that these devices can open entry points to the network, but that employees can disseminate potentially sensitive information, for example through social networking services.
Part of the reason for this, he says, is that people live their lives through their smartphones, tablets, and laptops and using services like Facebook, Twitter and Gmail. Often these gadgets do double-duty as work and personal devices, so it's not realistic or even desirable to limit the use of them in the workplace.
The solution, according to Asprey, is to secure the devices and secure the cloud services they use, with, of course, products like those offered by Trend Micro. For Mark McWilliams of Datacom, he imparts the wisdom that moving to the cloud will make you vulnerable, but—with total security an impossibility—the secret is in implementing enough security to make it not worth a hacker's time to get at your data.
He also noted that, importantly (and perhaps obviously) anything stored in the cloud should be encrypted. This way, regardless of whether there’s a breach by hackers or even accessing of your data through legal means (such as with the US Patriot Act for example) it remains safe. The encrypted data may be accessed, but as long as only your company has the keys to decrypt it, it will be nigh impossible to be breached.
John Sheridan, First Assistant Secretary Agency Services, AGIMO, says to think about Australian industry and data sovereignty—if data is hosted overseas, what are the rules of other governments? What rights would you retain with respect to preserving access and security of your data should a foreign power want to intervene? While this may be somewhat less complex if using Australian-based cloud services, by their nature, storage centres for clouds can often be global.
Finally Michael Barnes, Vice President and Principal Analyst APAC at Forrester Research Group, noted that transition to the cloud is inevitable for many companies, and that ultimately IT departments are going to be in competition with third-party providers. Depending on the business, this means for IT to retain control it's going to need to provide services faster and better than external providers. If this isn't a possibility, then IT needs to be prepared to move from a service-based resource to a management one, responsible for dealing with third-party providers.
Ultimately cloud services are increasingly becoming a part of the business landscape, but the degree to which they are utilised and the sometimes murky waters around access and ownership of data remain important considerations for companies looking at making a transition.
Follow @CSO_Australia and sign up to the CSO Australia newsletter.