Sramana Mitra: What are the trends in that? I would think that the public cloud vendors – people who provide SaaS as their core business – isn’t it their responsibility to make sure that they’re providing their data and applications in a secure way?
Pravin Kothari: That’s a great question. Every cloud provider like Microsoft, Google, or Salesforce has security. For example, last year Zendesk got compromised and their customers’ data got stolen. Dropbox forgot to check passwords just 18 months ago, when they pushed the release build out and did not check the password. During that time, we don’t know how many people can access your documents. Even though they provide network security, there can be issues that can allow hackers to access information. That’s the issue with all these cloud providers. They are doing a reasonably good job, but that may not always be perfect.
The second issue with cloud providers is they’re not taking any liability. If there’s a breach because of configuration issues on the cloud provider side and your data gets breached, the liability is completely on the customer side. It’s not on the cloud provider’s side. All the contract agreements very clearly say that they don’t take the responsibility.
I’ve just got the latest research report from Gartner. If you look at the top 10 inhibitors for adopting public cloud, number one is security and privacy concern. Number two is concern around government snooping. Government can come to a provider like Google or Microsoft and ask to pull information out without informing the customer. That’s a big concern that customers have.
The third problem is compliance requirements. A lot of compliance that companies have to deal with are completely out of order if data is going to a third party. How do you make sure that all your auditors are checking the third-party compliance also? It becomes a very complicated affair.
The fourth inhibitor to cloud adoption is something else, but the fifth is data sovereignty requirements. Data sovereignty is also called data residency. Many countries require data to reside in their own countries, especially around customer records. It has to be kept in their own country. We have a huge telco in Europe that has operations in 30 countries. Every country has different policies and they cannot send data out of the country, so they put CipherCloud in every country to make the data anonymous before it goes to a central location in the cloud.
This segment is part 3 in the series: Thought Leaders in Cyber Security: CipherCloud CEO Pravin Kothari