Francoise Gilbert, Attorney at Law, IT Law Group
Ellen Giblin, Privacy Counsel, Ashcroft Law Firm
Eric Chabrow, Executive Editor, GovInfoSecurity & InfoRisk Today

Too often enterprises fail to adequately vet their cloud service providers, which can create security vulnerabilities, according to IT security lawyers Francoise Gilbert and Ellen Giblin.

When Gilbert asked executives at one cloud service provider what type of security plan it offered, they responded: "'Oh, that's not a problem; we are putting all the data in the cloud, someone else's cloud,'" she says in a video interview with Information Security Media Group at the 2014 RSA Conference. "And they were totally clueless."

Giblin says this is especially true of start-up providers. "It's a culture issue as well," she says. "The start-up environment becomes its own culture. ... They hear, 'Oh, you don't have to do all that. You can just put it in the cloud. So, that becomes like a mantra."

In the interview, Gilbert and Giblin:

Advise enterprises to conduct a risk assessment as part of contracting cloud services;
Explain why enterprises often fail to assess properly their service providers; and
Outline steps to take to properly vet providers through vendor management.

Gilbert is founder and managing director of the IT Law Group. Giblin is privacy counsel for the Ashcroft Law Firm.