security

Tech Chiefs Press Cloud Suppliers for Consistency on Security Data – Wall Street Journal


Cloud providers are coming under pressure from some of their biggest customers to adhere to one across-the-board standard of information on how they handle client data and cybersecurity.

Among those customers are health insurer

Cigna Corp.,

defense contractor Raytheon Technologies Corp. and delivery company

FedEx Corp.,

which are concerned that toggling between the different methods used by providers increases their workload needlessly and might even be hampering their defenses.

The companies are members of the Open Networking User Group, an organization of corporate technology executives that advocates for open standards. This month, the group plans to propose standards on how cloud companies communicate security and governance information that customers need to protect their systems and comply with regulations.

At Cigna, which uses cloud computing from Amazon Web Services,

Alphabet Inc.’s

Google and

Microsoft Corp.

—among others—tech teams must learn the nuances of each cloud vendor’s processes and reconcile that information, said James Beeson, the insurer’s chief information security officer.

“It could slow down our ability to identify a problem, and react to it and contain it,” he said.

Reconciliation is crucial to proper oversight of data as it moves externally, and to provide evidence of regulatory compliance to auditors, said Gene Sun, chief information security officer at FedEx.

Amazon, Google and Microsoft, among others, should report the information in a standardized way, Mr. Sun said. The three vendors account for 58% of the market in cloud services, according to Synergy Research Group Inc.

Simplifying the process would help customers to better fend off hackers and meet regulatory requirements, he said.

Gene Sun, chief information security officer at FedEx, said the work of reconciling disparate data from cloud providers is ‘unsustainable.’



Photo:

FEDEX CORP.

“My own stakeholders—regulators, the board, auditors—we need transparency,” Mr. Sun said. FedEx has a team dedicated to translating information from the cloud providers. “This day-to-day pain is unsustainable.”

Mr. Beeson at Cigna anticipates that the cloud competitors eventually will commit to a shared standard—even if they resist doing so initially.

“When you put a whole lot of gorillas in a cage at the same time, it can become difficult to have them work together, and that’s a huge part of what we’re trying to do,” he said.

A representative for Google’s cloud business said in a statement, “As discussions around open standards within the industry evolve, we’re committed to working with customers to get them the information they need to support their security, compliance and governance efforts.”

A Microsoft spokeswoman referred to a paper about its guidance for data security and compliance. Amazon didn’t respond to a request for comment in time for publication.

The cloud computing industry has grown significantly in recent years and Synergy estimates the market increased to $19 billion in the first quarter, a 37% jump from the same period in 2019.

But despite the growing acceptance of the technology, concerns linger on the subject of moving systems off-premises and out of a company’s direct control, said Don Duet, chief executive and founder of New York-based consulting firm Concourse Labs.

“Everything is in a risky space,” he said. “It’s such a sea change.”

Technology executives in highly regulated industries such as banking and health care would buy more cloud services if vendors made it easier to understand how systems and data are managed, said Mr. Duet, a former co-leader of

Goldman Sachs Group Inc.’s

tech division.

Greater consistency in information from the cloud companies would simplify work for customers and lead them to use more cloud computing, said Daniel Conroy, chief technology officer at Raytheon.

At any one time, as many as 25 people at Raytheon can be reconciling data from different cloud vendors, Mr. Conroy said. Microsoft, for example, provides a standard cloud-security setup with some additional features customers can add, he said. Amazon, on the other hand, offers a toolbox customers use to configure security features on their own.

“It’s not that one is bad, but differences create work for companies,” he said.

Write to Kim S. Nash at kim.nash@wsj.com

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8



READ SOURCE

READ  Lacework secures $42 million in funding round to further cloud and DevOps security mission - Cloud Tech

Leave a Reply