Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Are lawyers getting in the way of cloud-based security?

Ellen Messmer | Nov. 8, 2012
In an age where enterprises and their employees are being relentlessly targeted with malware-based phishing, denial-of-service and other attacks, the ability of the IT security staff to defend their networks and valuable corporate data faces yet one more obstacle, according to some: their own company lawyers.

Trying to build confidence, Microsoft is striving for transparency by submitting information related to security in its Microsoft Azure, Office 365 and other cloud offerings to the CSA's Security Trust and Assurance Registry (STAR), a repository of vendor-submitted information about security practices. (A CSA official today noted third-party certification of cloud-provider security is expected to be in place next year as well to augment the service provider self-attestation found in STAR).

Microsoft has also created what it calls the Cloud Security Readiness Tool, described as a set of questions on security architecture, authentication and other topics that can be used for "starting the conversation" with executives and help them get comfortable with concepts they may not be familiar with. "There's still a lot of confusion about what cloud computing is," Rains said in his keynote.

In yet another talk, Tom Kellermann, vice president of cybersecurity at Trend Micro, gave a riveting description of East European and Asian cybercrime and espionage and how victimized companies are being "hunted" as part of a massive "colonizing of the infrastructure." He also added a few observations about lawyers.

The IT security professional is going to have to work to explain the nature of today's security threats to the company lawyer, among others, including the CIO. "Take your general counsel to lunch," he recommended.



Previous Page  1  2 

Sign up for Computerworld eNewsletters.