A new report from the Carnegie Endowment for International Peace seeks to give law and policy makers a better understanding of cloud security risks.
Although nearly 30 years old, cloud computing is still a “new” technology for most organizations. The cloud promises to reduce costs and increase efficiencies through storage and management of large repositories of data and systems that are theoretically cheaper to maintain and easier to protect.
Given the growing rush by organizations to move to the cloud, it’s no surprise that some policymakers in Washington are calling for regulation of this disruptive technology. Last year, Representative Katie Porter (D-CA) and Nydia Velázquez (D-NY), urged the Financial Stability Oversight Council (FSOC) to consider cloud services as essential elements of the modern banking system and subject them to an enforced regulatory regime. Their calls for this kind of oversight came in the wake of a major data breach of Capital One in which an employee of the financial institution was able to steal more than 100 million customer credit applications by exploiting a misconfigured firewall in operations hosted on Amazon Web Services (AWS).
A study released today by the Carnegie Endowment for International Peace aims to give lawmakers and regulators a basic understanding of what’s happening in the cloud arena, with a particular focus on the security of these vast reservoirs of information. “Cloud Security: A Primer for Policymakers,” written by Tim Maurer, co-director of the Carnegie Endowment’s Cyber Policy Initiative and Garrett Hinck, a doctoral student at Columbia University and a former Carnegie Endowment research assistant, argues that the “debate about cloud security remains vague and the public policy implications [are] poorly understood.”[This article appeared in CSO Online. To read the rest of the article please visit here.]