Proofpoint: Security, Compliance and the Cloud

Proofpoint's vice president of technology, Andrés Kohn, apparently used some mildly salty language at the opening of his well-attended InfoSecurity Europe presentation, "Can Data Be Safer in the Cloud?" last week.

If you're one of those cloud skeptics who holds the view that, to remain secure, data needs to stay within the corporate datacenter, Andrés begs to differ.

"Quite frankly, I think this view is a bunch of...," says Kohn.

All kidding aside, ServerWatch's Paul Rubens has an excellent overview of Andrés's talk, reported in 5 Reasons Why the Cloud Should be More Secure than Your Data Center.

Highly recommended reading, but in short, providers of secure, cloud-based services can potentially keep your data more secure than even your own datacenter through:

1. Greater Economies of Scale
2. More Secure Development Lifecycles
3. Continuous Auditing
4. Higher Levels of Automation and Repeatability
5. Stricter Access Controls

Of course, not every cloud-based vendor is going to follow security best practices or even make security a top priority.

A slightly scary press release and new report from the Ponemon Institute and CA Technologies drove that point home this week with some interesting data that shows that many providers of cloud-based services are focused more on delivering cost and speed-of-deployment advantages over security.

Among the findings:

• Fewer than 20% of cloud providers across the U.S. and Europe view security as a competitive advantage.
• Fewer than 30% of respondents consider security as an important responsibility.
• Fewer than 27% of respondents feel their cloud services substantially protect and secure customer information.
• The majority of cloud providers (69%) believe security is primarily the responsibility of the cloud user... In contrast to 35% of cloud users who believe security is their responsibility.

Yikes. Here's the link to the full report:

Ponemon Institute, Security of Cloud Computing Providers Study, April 2011
(PDF format)