Superconductor

Cloud computing seems to be one of the hot topics at this year’s RSA Conference, and many vendors seem to be trying to position themselves as leaders in “cloud security” in some way. I also heard several times in various presentations that cloud computing causes absolutely no additional security vulnerabilities, and that the real challenges of cloud computing are going to come from dealing with regulatory compliance issues.

It may be tricky to address data lineage (tracking data as it flows through an enterprise), data provenance (tracking the origin of data) and related issues, for example, if data is held in a cloud, yet these can be required by some regulations. These can certainly be considered parts of data integrity that information security products address, but not many vendors seemed to be looking at cloud security from that point of view. Until these issues are addressed, the data that’s suitable for being handled by cloud computing is probably limited to non-sensitive, non-regulated data - unless pro-active security measures e.g. end-to-end encryption are incorporated. Our own security SaaS solution, the Voltage Security Network, avoids data protection issues by not touching any content - simply providing keys for encrypting emails and documents.