Perhaps one of the biggest problems with cloud-based services are outages, which have ranked high on the list of enterprise cloud concerns, according to recent studies. Last year Box suffered a three-hour outage, and Somaini told CRN that he would work to insure availability was of heightened importance at the company.
"When look at three core tenets -- confidentiality, integrity and availability -- it depends on the company where the availability strategy rides," Somaini said. "There's no question about it that Box is already concerned about availability; it's one of the top priorities if not the top priority within the company."
And other industry executives agree, telling CRN that service outages would eventually be a serious problem for certain cloud providers. Service providers may see opportunity in adding private cloud services in the enterprise.
Somaini said he was attracted to Box because it is at the center of the online content collaboration movement and is doing so while taking security and trust much more seriously than other firms.
"I'm not coming in and creating something new; I'm coming in and fleshing out their strategy and driving it into our customers so that is focused an attentive," Somaini said.
Somaini is a strong believer in end-user education programs and creating a security-aware culture within the enterprise. He is known for conducting town-hall-style meetings regularly with employees, answering questions and concerns about both company data security and their personal needs. Social engineering and protecting account credentials were typical areas of discussion, he said.
"I want the employees to look at the world through the window I'm looking at, and until they do that, we're not going to see and understand the role that I have and the business' need to protect its data," Somaini said.
While there have been no serious data breaches attributed to cloud providers, Somaini said it is always a significant threat because cloud providers are storing massive amounts of data. Attackers have already used fake accounts at cloud providers to set up command-and-control communications or infect Web servers as part of a financially motivated cyberattack campaign.
"Cloud is very much in the wheelhouse of where the attackers are going," Somaini said.
PUBLISHED APRIL 25, 2013