On the 11/29 Virtualization Security Podcast Omar Khawaja the global managing principle at Verizon Terremark Security Solutions joined us to discuss Verizon’s 12 step program for entering the cloud. This 12 step program concentrates on the IT and Security admins working together with the business to identify all types of data that could be placed into the cloud, and to classify that data. Once this is complete, the next steps are to understand the compliance and security required to protect the data and to access the data. It is a Data Centric approach to moving to the cloud.
There are threats to the cloud and there are risks within the cloud. A recent article from Tech Target Search Security blog spurred several thoughts. The main claim here is that there are not enough people who can differentiate threats and risks enough to talk to business leaders who may know very little about security, but do know the business. I have been known to state that there are prominent threats to my data once stored in the cloud and that we should plan to alleviate those threats to reduce our overall risk. But what is the risk?