Scared before the dive? You might be right.

July 28, 2010

Gregg Kreizman is not just a research director on Gartner’s information security and privacy team. He covers single sign-on, password management, identity federation, user-centric identity, electronic signature, public-key infrastructure and general identity and access management topics; in short, ‘you name it’. That vantage point gives him a unique edge and view when it comes to the cryptic land of security.

So if you have been one of those flinching because the word ‘Cloud’ still doesn’t evoke an assured ‘yes’ or trust on security, you are not a chicken. You don’t really need to be a braveheart, and here’s Gregg telling you to trust your instincts and audits, yet again.

Would you agree or would you disagree that CIOs can find security-related investments to be almost a black hole?

There has been an evolving set of thought here. Think of it this way. Areas like infrastructure protection or malware controls are stuff that you have to do. They are hygiene factors and you cannot afford to ignore them. More so, with the heightened level of automated attacks today.

Where is the direction going on to, as we speak?

The biggest global trend, which could be still a tad early talking of India, is the trend of movement of applications to clouds and hence, the security implications thereof.

When we think of Clouds, are the security concerns around its adoption well founded?

I would say that some of them are valid. Any SaaS product that can truly demonstrate around security areas is hard to prove. For example, many SaaS providers, in order to leverage other services, are beginning to embrace IaaS. Protection of data, from the point of availability as well as confidentiality, takes different dimensions from here. For a prospective user, it is really up to CIOs to judge its merits. Do I really accept what providers are telling or is there a risk around security? You need to ask it honestly, and do your own audit.

Would the risk factor go up with Public Clouds?

Private Cloud is akin to outsourcing but Public Cloud is when you enter a new regime. It is a little bit more risky. It would be fair to say there is a gray area here.

Have the equation and relative role-mix changed between components like people, technology and policies in the security matrix?

No sea change, I would say. Policy, people, process, technology; all are important. We have espoused a pragmatic approach to security. Business should translate risk issues into necessary security functions.
