Last month Gartner Analyst Jay Heiser conducted an extremely informative and thought-provoking webinar entitled \u201cThe Current and Future State of Cloud Security, Risk and Privacy.\u201d During the presentation, Mr. Heiser highlighted what he called the \u201cPublic Cloud Risk Gap,\u201d characterized in part by inadequate processes and technologies by the cloud service providers and in part by a lack of diligence and planning by enterprises using public cloud applications. In many ways, it was a call to arms to ensure that adequate controls, thought and preparation are put to use before public clouds are adopted by enterprises and public sector organizations.
\nFrom the side of the cloud application provider, the webinar noted that most cloud service offerings are incomplete when measured against traditional \u201con-premise\u201d security standards, there are relatively few security-related Service Level Agreements (SLAs), and there is minimal transparency on the security posture of most cloud services. From the enterprise side (the cloud service consumer), he points out that they frequently come to the table with inadequate planning and consideration in the area of security requirements definition and have an incomplete data sensitivity classification governing their data assets. Despite this, the webinar highlighted that organizations of all sizes are increasingly willing to place their data externally, and they are increasingly likely to have at least some formalized processes for the assessment of the associated risk \u2013 which is good news.<\/p>\n