Sibos 2019: Regulation isn’t enough to trust the cloud
Regulation is not enough to bring transparency and trust to the cloud, “we need more practical solutions,” says Credit Bank of Moscow’s deputy board chairman, Sergey Putyatinsky at Sibos.
In a panel discussion about the cloud versus on-premise solutions at the ExCel London, Putyatinsky tells the audience cloud providers need to be held accountable not just by new regulations, but also by a set of best practices.
He says that when he asked one cloud provider, which was not named, when they last carried out a penetration test, the provider said “never”.
“At least you can fire a guy in your company for the mistake if the solution is on your premises,” says Putyatinsky. “Cloud providers, on the other hand, take no responsibility for customer data.”
The suggestion to equip cloud providers not only with compliance but also a set of best practices would allow clients to have better insights into what the providers are up to and how they engineer their solutions, says Putyatinsky.
Fellow panelist, Diana Henderson, part of IBM’s cloud services, agrees with the point of human error but points out that they are seeing a lot of emphasis on how they introduce security earlier on in the pipeline.
“If organisations have the mindset of not bolting on security at the end, I think it’s possible to have it on-premise or in the cloud,” says Henderson.
In an audience vote during the discussion, 71% of listeners said they thought the cloud should be regulated.
As well as regulation, the panel also pointed out that security is not “already baked in” to the cloud.
EY’s global cybersecurity leader Kris Lovejoy alerts the industry to the “incredible importance” of third-party reassurance, as the cloud should not relieve an organisation of investing in security.”