WASHINGTON, Oct. 6, 2011 /PRNewswire/ -- While both the hype and promise surrounding cloud computing continue to accelerate at a rapid pace, confusion still remains about what exactly cloud computing is and the risks and benefits associated with transitioning to cloud-based environments. While corporate and governmental organizations across the globe want to reap the cost, performance and agility benefits of cloud computing, they are wary of potential risks.
Today, CA Technologies (NASDAQ: CA) Chief Security Architect Tim Brown joined academic, government and technology leaders to offer testimony before the U.S. House Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies House Committee on Homeland Security on the opportunities and security risks associated with cloud computing.
In his testimony, Brown addressed four key areas CA Technologies believes must be considered in evaluating the transition to cloud:
- The reality of new complexities introduced with cloud computing;
- Security considerations for the cloud;
- The critical role identity management and authentication plays in enabling cloud security; and
- The importance of global standards development and adoption to ensure interoperability and common implementation of cloud solutions
"CA Technologies believes that the responsibility for securing the cloud lies with both the providers and the consumers of cloud solutions. The cloud is neither inherently more nor less secure than other IT services and solutions," Brown testified. "Generalized concerns over cloud security on the one hand, and arguments that the security risks in the cloud are overblown on the other hand, have muddied the waters to the point that policymakers and practitioners are experiencing security schizophrenia. Should I overlook legitimate security concerns and plunge headfirst into the cloud, or should fear and uncertainty of these risks stop me from doing anything that even remotely resembles cloud computing? Like most responsible decisions, the answer lies somewhere in the middle of these two extremes."
Brown also stated that "One of the greatest challenges facing the IT sector today is fostering online trust, including the important trust components of security and privacy. The fact is that most online threats and successful data breaches of late have been based on and exploit access control and identity management failures in systems. The Government Accountability Office has written to Congress about unauthorized access issues as recently as Monday of this week (October 3, 2011). Identity management and access management controls are central to the secure adoption of cloud services. Identity and access management practices within the cloud provide the foundation for effective security by ensuring that all users have only the appropriate level of access rights to protected resources, and that those rights are effectively enforced. IT organizations generally as well as cloud service providers, both public and private, struggle to keep up with the explosion in the number of users from multiple systems, applications and user communities that are consuming their services and the complexity of managing access rights for these users."
CA Technologies provided the following recommendations to Congress to accelerate the deployment of secure cloud solutions:
- Adopt policies that can accommodate future development and flexibility in the cloud market, specifically, and in IT more generally. Too often, Federal policy has imposed static frameworks that must constantly be updated based on new technology developments. CA Technology recommends that Congress focus on outcomes and not on specific technologies;
- Avoid policies that create a fragmented, country specific market for cloud services in the United States. As the cloud market continues to evolve, there is great risk for market segmentation based on unique policies designed solely to address US market demands. Policies that acknowledge the global nature of cloud markets will enable the US to maintain its leadership position in cloud computing and encourage innovation to support jobs and exports of US developed technologies;
- Support standards developed by recognized national and international standards development organizations in the areas of cloud security, interoperability, and transparency. These standards are vital to the management of cloud security risks;
- Fund and support the continued development and rollout of FedRAMP and the NSTIC;
- Continue support for NIST and its unique role in addressing emerging security issues; and
- Encourage the federal government to leverage emerging efforts to develop service measurement indexes like the Cloud Service Measurement Initiative Consortium in government cloud procurements. These efforts can provide federal agencies facing budget, performance, and transparency demands with tools that take data-driven approaches to evaluating competing offers of cloud technologies.
(Logo: http://photos.prnewswire.com/prnh/20100516/NY05617LOGO)
About CA Technologies
CA Technologies (NASDAQ: CA) is an IT management software and solutions company with expertise across IT environments – from mainframe and distributed, to virtual and cloud. CA Technologies manages and secures IT environments and enables customers to deliver more flexible IT services. CA Technologies innovative products and services provide the insight and control essential for IT organizations to power business agility. The majority of the Global Fortune 500 relies on CA Technologies to manage evolving IT ecosystems. For additional information, visit CA Technologies at www.ca.com.
Follow CA Technologies
- Twitter (@CA_pubpolicy, @CAInc, @CASecurity, @CA_Cloud)
- Blogs
- Podcasts
- Media Center
Legal Notices
Copyright © 2011 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.
Press Contact
Jessica Cassady
610-247-0898 (mobile)
[email protected]
SOURCE CA Technologies
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
Newsrooms &
Influencers
Digital Media
Outlets
Journalists
Opted In
Share this article