Wall Street firms are not ready to embrace moving a lot of their data or critical functions into the so-called computing “cloud.” As Google’s experience in China recently proved, that can be an invitation to repeated, hard to trace and hard to defend attack.

But “the maturity is coming,’’ according to Pinaki Roy, managing director of the CIO Advisory Practice at the global consultancy PricewaterhouseCoopers.

Serious, experienced providers of hosted business services such as Amazon and its Elastic Compute Cloud or IBM and its Blue Cloud are making security a “core competency,” Roy told attendees of a Wall Street Technology Association half-day gathering on cloud computing issues Wednesday at the Westin Times Square in New York.

“We’ve seen a real change in the controls now as this has hit the mainstream,’’ Roy said. “As mass adoption takes place, mass security is needed.”

Those controls now include identity and access management as well as virtual firewalls and specific firewalls for different Web applications. Services include assessments of the vulnerabilities of the applications, he said.

Now, he noted, data is not only being encrypted when it is in transit, but when it is at rest, in dispersed data centers.

Compliance with companies’ own security policies as well as regulations that govern their operations are reviewed with two types of audits. One, the ISO 27001 audit, is an informations security standard established in 2005 by the International Organization for Standardization. The other is a type II audit governed by the Statement on Auditing Standards No. 70, in which an auditor attempts to determine the effectiveness of agreed-on controls since they were implemented.

Roy said cloud computing now is secure enough to be used for commodity services such as email, Web conferencing and Web analytics.

Some in-house applications, such as those designed to balance workloads and handle “self-sufficient” batch jobs can be appropriate as well, he said. One of interest to risk managers: Monte Carlo simulations, where market conditions are replicated or anticipated before trading strategies are executed electronically.

But, Roy warned, don’t expect to move execution into the cloud or anything where you require the highest performance computing.

The economic benefits of cloud computing originate with the sharing of networking bandwidth, storage and compute power. Service providers typically have older technology in place, on the order of two-year-old processors.

“If you’re looking for top of the range performance, perhaps the cloud is not quite the thing, right now,”’ he said. “It’s not bleeding-edge hardware.”

Roy’s presentation preceded a PricewaterhouseCoopers Webcast on security in the cloud by one day.

 

 

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access