According to an Ernst & Young Global Information Security Survey, 61% of respondents would be using or evaluating cloud services this year. This will be a mix of public, private and hybrid cloud environments.
However, 52% of organizations said they haven't implemented controls to mitigate data risk in the cloud. An informal poll of companies using cloud services by Sophos found that only a few of them had cloud security policies in place.
Trust marks
As more businesses outsource or shift parts of IT operations to third-party cloud providers, trust marks are emerging for data centers offering cloud services.
"Worldwide, we'll see a number of trust marks," said Rob Forsyth, managing director for Asia Pacific at Sophos. "We have a very good one in the UK called the Cloud Industry Forum and a number of these out of the US. There are Verisign-type trust marks given out to data centers."
Forsyth sits on an Australian senate committee, working on a trust mark for cloud computing aimed at protecting the consumer. "I'm chairing the subcommittee of the trust mark," he said. "We're trying to work out seven basic concepts that cloud providers will need to adhere to earn a trust mark. These include if I lose your data, I'll tell you about it, I won't sell your data to a third party, and if you leave my service, I will delete your data. These are really simple standards by which you understand what you're getting into and you would know that you're getting a minimum set of [service] standard."
In Singapore, the Infocomm Development Authority and the Infocomm Standards Committee have formed a Cloud Computing Standards Coordinating Task Force to develop best practices for virtualization and develop standards and guidelines to address cloud security concerns. Efforts include establishing relevant policies and regulatory frameworks to govern the use and provision of cloud services and certifying cloud service providers.