Cloud data centers are not regulated, and there is no certification specific to providing cloud data services, points out Nico Popp, VP of product development at VeriSign (Mountain View, Calif.), who says identity management and data access are significant factors in cloud security. “You need a trust framework, and the question is then, where do you start,” he relates. “We believe the right place to start is access and identity management.”
Banks have a unique role in evolving identity management with cloud services, Popp adds. Banks already have extensive experience with access and identity management issues, he explains, so they are uniquely positioned to work with cloud providers.
“Identity [management] is the most acute problem” with external cloud services, Popp continues. “Who has access to my data? We think we’ll see identity as the No. 1 issue, and that will lead to two things: certification and identity policies.”