Home » Story
You have been granted access to this page through First Click Free. Subsequent use of TabbFORUM will require logging in. If you don't have an account, registration is free.

Videos

  • Rail_thumb_adam_honore_david_etue-finqloud-safenet-cloud_security_in_financial_services

    Debunking the Cloud Security Myth

    The idea that the cloud is not secure is a misperception, says David Etue, SafeNet. While the cost and agility gains that come with moving to the cloud also come with a loss of some...
     
  • Rail_thumb_steve_phillips-nasdaq_omx-latam

    Latin America's Quest for Liquidity

    Brazil no longer is the only game in town when it comes to trading in Latin America. According to Steve Phillips, senior managing director, Latin America and Caribbean, NASDAQ OMX...
     
  • Rail_thumb_adam_will_screen_shot

    What Will Nasdaq Do With eSpeed?

    Following several failed cross-border exchange mergers, Nasdaq’s acquisition of the electronic fixed income trading platform eSpeed provides the exchange with a way to diversify...
     
 

More Video | Podcasts

Advertisement
Author_l
Les Kovach

TabbFORUM

More From
Les Kovach

Related

Why Aren't Smartphones Making Us More Productive?

Certified Security in the Cloud

NYSE Brings Capitalism to the Cloud

The Buy or Build Decision Continuum

Spotlight-blackInnovations in Trading and Technology (more stories)

03 January 2013

Why Crooks Trust the Cloud More Than CIOs Do

Despite its potential to reduce costs and boost business agility, most firms fear the cloud. In fact, attackers may be more comfortable than CIOs flying in the public cloud.

A majority of firms across industries still do not trust the cloud, and they fear the public cloud in particular, the Information Systems Audit and Control Association reports. According to the global nonprofit information system security organization, 69 percent of the U.S participants and 68 percent of the European participants in its 2012 IT Risk/Reward Barometer believe the risks posed by public cloud services outweigh the benefits.

“What is apparent from this study is the perception of control,” said Marc Vael, international vice president of ISACA, which surveyed more than 4,500 IT professionals in 83 countries for the study. “Private cloud scores better than both public and hybrid cloud, when asked if the benefit outweighs the risk, yet take up is still relatively low.”

Cloud computing, and in particular, Internet as a service, or IAAS, has become an important piece of modern commercial IT, notes Amichai Shulman, CTO and co-founder of Imperva. While services such as Amazon EC2 allow organizations to sustain a direct correlation between their business activity volume and IT costs, however, “The same holds true for the hacking community,” he adds.

According to the ISACA survey, the drivers behind cloud computing are primarily business related, with lowering costs, increasing efficiency and introducing scalability all commonly cited drivers.

“Enterprises are facing a similar dilemma as they did when first contemplating outsourcing. It is the psychology of relinquishing control that needs to be addressed,” ISACA’s Vael said in a release. “That is why there is more faith in private cloud services, where the enterprise retains management over both hybrid and public alternatives; however, this solution offers fewer advantages.”

However, the concerns over data security and compliance with privacy legislation revealed by the ISACA study cast serious doubts about cloud adoption.

“Though the cloud brings fantastic advantages in terms of agility and cost savings, the issue of accountability for data security remains entrenched on the business agenda for 2013,” says Paul Ayers, VP EMEA, Vormetric.“Even if data resides on a shared infrastructure or has been outsourced for processing, the cloud does not absolve organizations of their data protection responsibilities.” 

“Organizations need to scrutinize the security assurances given by their service providers and ask whether these are sufficient to their data security needs,” Ayers adds.

Ironically, many of the same benefits that legitimate firms can realize in the cloud also attract fraudsters. According to Imperva's Shulman, there are a number of aspects that make cloud computing an appealing offering for attackers, especially those who are profit driven:

  • Elasticity – the ability to quickly get hold of a lot of computing resources without too many prerequisites.
  • Cost – the ability to closely tie up spending with a specific attack campaign and the potential gain.
  • Resilience – the use of commercial cloud-computing platforms reduces the ability of defenders to black-list attackers and adds much-valued latency to the process of server takedown.

“Over the past year we have seen a number of attack campaigns in which attackers were deploying attack servers in Amazon’s EC2 cloud,” Shulman contends.

“In addition, for DDoS attacks, such cloud offerings become very compelling,” he adds. “Using a stolen credit card number to pay for the cloud service, an attacker can mount a large-scale attack from the cloud. The attack can then be carried out for a long enough time period before a preventative action against the attacking servers can be taken.”

Spotlight-white-trans For more stories in the Innovations in Trading and Technology Spotlight Series click here.

Comments | Post a Comment

2 Comments to "Why Crooks Trust the Cloud More Than CIOs Do":
  • Anon_avatar
    Anonymous

    04 January 2013

    This is an interesting study, but I am not convinced that it pertains particularly well to the institutional capital markets, and the way market participants, both large and small are using the cloud.  Lets face facts, cloud, like many new technologies possess great potential and great risk.  Buy-side and sell-side firms throughout the industry rely on both public, private and sector specific clouds for all sorts of functionality, whether it been IaaS, SaaS or Paas.  While it is true that we do not store our most sensitive customer or revenue data on an unsecured cloud environment;we do rely upon cloud based solutions like Salesforce.com, Sugarsync, or DropBox.  Likewise, sector specific clouds play a very specific role in today's marketplace and based upon recent investments, have a compelling value proposition that is not going to go away.  So, just because some scam artist is able to use a stolen credit card to get on a  cloud somewhere, does not mean that Cloud is not here to stay.  I am just not convinced.  

  • Comment_honore_bio_pic_compressed
    ahonore

    16 January 2013

    I’ve spent years tracking IT trends in capital markets in my analyst days.  Even coming off fresh research, cloud is absolutely being adopted for analytics (risk and performance) and market data storage. While there is still a degree of hesitancy among senior IT executives around cloud, cost pressure will be difficult to pass up in the current environment for the sake of hesitancy.  Quite frankly, I spent nearly eight years looking at every piece of technology capital markets had to offer and FinQloud is the one I gave up my analyst career to support because it has such enormous potential and value.  Legacy fear is an educational challenge, not a legitimate stumbling block to something that saves significant sums of money while freeing up internal infrastructure and support.

    Comments (1)

You must log in to comment.