Welcoming news that suppliers have now been invited to apply for the right to be listed in the G-Cloud catalogue the Government has developed for its IT services procurement plans, Lieberman Software has warned public sector bodies about the need to rethink their security strategies before starting to store their data in a cloud computing environment.
Philip Lieberman, President of the Privileged Identity Security Specialist, says that – whilst the economic advantages of the cloud are well known, there is a danger that public sector agencies will rush headlong into adopting cloud data storage without thinking about the effect on their data security.
“The good news is that most suppliers offer a basic level of encryption and authentication to their clients, but some of the more economy larger-scale cloud service providers – who offer a bargain basement menu-based service – do not always offer the most stringent security facilities as standard,” he said.
“Public sector agencies in the UK are under enormous pressure to cut costs, so there is significant potential for them to subscribe to a cloud service without taking the optional extra layers of security that should be, quite frankly, mandatory on these types of services,” he added.
The Lieberman Software president – who is a veteran of several decades in the field of encryption and security – went on to say that the competition in the cloud services sector is such that many providers are adopting a budget airline pricing strategy of offering rock-bottom headline rates, with extra services, such as better security, on top.
These extra services are the same ones you get as standard with conventional airlines, and this pricing strategy is now being seen in the cloud services arena.
Lieberman says that one method of adopting budget cloud services that take a minimalist approach to security is to limit the privileges of users of the service, using the simple expedient of controlling administrator rights for users of the cloud facility.
Put simply, he adds, this means that if hackers do gain access to the cloud accounts of public sector employees, any access rights they gain to the relevant data is limited.
“Provided the cloud service has underlying VPN encryption and other basic security facilities, then it can often make economic sense to invest in a privileged identity management platform – with all the extra security features this offers (http://bit.ly/S1WFif) – than going down the value-added cloud services trail,” he said.
“Cloud computing security is just a single element in what has become an increasingly complex world of data protection. Taking a holistic view – and managing privileged identity more effectively in the cloud – can bring a number of extra security benefits to an organisation’s entire IT platform,” he said.
“Worries over data privacy and financial exposure from data breaches may be the cloud service providers’ greatest roadblocks to new business. Against this backdrop, the launch of the G-Cloud catalogue is a very welcome move, but IT admins need to be aware of the security issues that cloud services engender.”