WASHINGTON, Oct. 6, 2011 /PRNewswire/ -- While both the hype
and promise surrounding cloud computing continue to accelerate at a
rapid pace, confusion still remains about what exactly cloud
computing is and the risks and benefits associated with
transitioning to cloud-based environments. While corporate
and governmental organizations across the globe want to reap the
cost, performance and agility benefits of cloud computing, they are
wary of potential risks.
Today, CA Technologies (NASDAQ: CA) Chief Security Architect
Tim Brown joined academic,
government and technology leaders to offer testimony before the
U.S. House Subcommittee on Cybersecurity, Infrastructure
Protection, and Security Technologies House Committee on Homeland
Security on the opportunities and security risks associated with
cloud computing.
In his testimony, Brown addressed four key areas CA Technologies
believes must be considered in evaluating the transition to
cloud:
- The reality of new complexities introduced with cloud
computing;
- Security considerations for the cloud;
- The critical role identity management and authentication plays
in enabling cloud security; and
- The importance of global standards development and adoption to
ensure interoperability and common implementation of cloud
solutions
"CA Technologies believes that the responsibility for securing
the cloud lies with both the providers and the consumers of cloud
solutions. The cloud is neither inherently more nor less secure
than other IT services and solutions," Brown testified.
"Generalized concerns over cloud security on the one hand,
and arguments that the security risks in the cloud are overblown on
the other hand, have muddied the waters to the point that
policymakers and practitioners are experiencing security
schizophrenia. Should I overlook legitimate security concerns
and plunge headfirst into the cloud, or should fear and uncertainty
of these risks stop me from doing anything that even remotely
resembles cloud computing? Like most responsible decisions, the
answer lies somewhere in the middle of these two extremes."
Brown also stated that "One of the greatest challenges facing
the IT sector today is fostering online trust, including the
important trust components of security and privacy. The fact
is that most online threats and successful data breaches of late
have been based on and exploit access control and identity
management failures in systems. The Government Accountability
Office has written to Congress about unauthorized access issues as
recently as Monday of this week (October 3,
2011). Identity management and access management
controls are central to the secure adoption of cloud services.
Identity and access management practices within the cloud
provide the foundation for effective security by ensuring that all
users have only the appropriate level of access rights to protected
resources, and that those rights are effectively enforced. IT
organizations generally as well as cloud service providers, both
public and private, struggle to keep up with the explosion in the
number of users from multiple systems, applications and user
communities that are consuming their services and the complexity of
managing access rights for these users."
CA Technologies provided the following recommendations to
Congress to accelerate the deployment of secure cloud
solutions:
- Adopt policies that can accommodate future development and
flexibility in the cloud market, specifically, and in IT more
generally. Too often, Federal policy has imposed static
frameworks that must constantly be updated based on new technology
developments. CA Technology recommends that Congress focus on
outcomes and not on specific technologies;
- Avoid policies that create a fragmented, country specific
market for cloud services in the United
States. As the cloud market continues to evolve, there
is great risk for market segmentation based on unique policies
designed solely to address US market demands. Policies that
acknowledge the global nature of cloud markets will enable the US
to maintain its leadership position in cloud computing and
encourage innovation to support jobs and exports of US developed
technologies;
- Support standards developed by recognized national and
international standards development organizations in the areas of
cloud security, interoperability, and transparency. These
standards are vital to the management of cloud security risks;
- Fund and support the continued development and rollout of
FedRAMP and the NSTIC;
- Continue support for NIST and its unique role in addressing
emerging security issues; and
- Encourage the federal government to leverage emerging efforts
to develop service measurement indexes like the Cloud Service
Measurement Initiative Consortium in government cloud procurements.
These efforts can provide federal agencies facing budget,
performance, and transparency demands with tools that take
data-driven approaches to evaluating competing offers of cloud
technologies.
(Logo:
http://photos.prnewswire.com/prnh/20100516/NY05617LOGO)
About CA Technologies
CA Technologies (NASDAQ: CA) is an IT management software and
solutions company with expertise across IT environments – from
mainframe and distributed, to virtual and cloud. CA Technologies
manages and secures IT environments and enables customers to
deliver more flexible IT services. CA Technologies innovative
products and services provide the insight and control essential for
IT organizations to power business agility. The majority of the
Global Fortune 500 relies on CA Technologies to manage evolving IT
ecosystems. For additional information, visit CA Technologies at
www.ca.com.
Follow CA Technologies
- Twitter (@CA_pubpolicy, @CAInc, @CASecurity, @CA_Cloud)
- Blogs
- Podcasts
- Media Center
Legal Notices
Copyright © 2011 CA. All Rights Reserved. One CA Plaza,
Islandia, N.Y. 11749. All other trademarks, trade names, service
marks, and logos referenced herein belong to their respective
companies.
Press Contact
Jessica Cassady
610-247-0898 (mobile)
Jessica.cassady@ca.com
SOURCE CA Technologies