In a May 6 session at the Interop conference in Las Vegas, Andy Ellis, chief security officer of Akamai, delivered a talk about security in the cloud. There are a lot of misconceptions about cloud security in Ellis' view, and there are also a number of opportunities.In a video interview, Ellis details what his session was all about and where there are challenges for cloud security. While some have argued that the multitenancy of the cloud is a security risk, Ellis sees other items such as high availability, distributed denial-of-service (DDoS) and security key management as items that should be top of mind for enterprises considering the cloud."When we think about attacks against the enterprise historically, we think about this long kill chain for the adversary," he said.That kill chain includes analyzing the specific attack surface for a given system and then building exploits. Moving to the cloud, attackers have taken a bit of a different approach.
"It's take over an account and do bad stuff to you," Ellis said. Often the No. 1 barrier to cloud adoption cited in surveys is security. Ellis emphasized that people will often blame security for lack of adoption for any new technology that they don't fully understand."Cloud isn't a scary thing, and it's also not a panacea," he said.Overall, Ellis emphasized that as long as an organization knows what it's doing in reference to cloud deployment and using cloud services with proper consideration, the cloud can be a very good thing for productivity and security."Companies that are dragged into the cloud by their application owners are going to make mistakes that companies led into the cloud by CIOs will not," he said.
- eWeek