Cloud Computing Security
I get many requests regarding cloud computing and in particular inquiries regarding the security approach on cloud computing. A couple of while ago I read a very good Blog entry from Dr. Guy Bunker (www.viewfromthebunker.com) who brought the problem to the straight point:
"One of the problems with ‘the cloud’ is that it has been tough up until now to distinguish the different variations or even acknowledge that there are different cloud formations out there, and that one size does not fit all. So, are you after software (application)-as-a-service or a platform-as-a-service, are you thinking about in-house clouds or external ones, how about having proprietary or open API access? You see, the possibilities soon mount up. Of course, there is no single answer and different applications will be best suited to different cloud solutions. Understanding the differences will help you to make a good choice and reading the paper will remove some of the cloudiness around the cloud."
In his Blog, Guy is refering to the Cloud Cube Model by the very well recognized Jericho Forum (part of the Open Group). The 4 dimensions of the Jericho Cloud Cube Model is really a very crisp and consise way do define the various cloud formations and its characteristics. I personally think that this is very complementary to the recently released “Security Guidance for Critical Areas of Focus in Cloud Computing” by the Cloud Security Alliance. This model gives you very good guidance on the portfolio of domains that you have to consider for every formation of cloud computing in terms of security. The model by the CSA defines 15 domains that includes i.e. the cloud architectural framework, information lifecycle management, traditional security, application security and virtualisation security. Both – the Jericho Model and the CSA Guidance – will give enterprises a clear picture about the entire framework and approach that they have to consider.
I really encourage everyone who is considering to put information and applications into any type of cloud formations to read through the advisories from Jericho Forum (Cube Model as well as Collaboration Oriented Architectures) as well as the guidance from the Cloud Security Alliance. This will help to define your own individual approach to secure and manage your cloud formations properly.
Please don't hesitate to contact me for any further question.
Comments
CSO at Zynga Nils Puhlmann talk on Business Technology Summit'10
CSO at Zynga & Co-founder of Cloud Security Alliance, Nils Puhlmann will provide an overview of where we are today and what areas of cloud security are actively being worked on in the industry at the third season of Business Technology Summit 2o1o in Bangalore. Further he will discuss about the specific risk and threat areas and how can they be mitigated? What other security efforts are underway in the industry to ensure that security is a key part of every cloud offering? For more information log on to btsummit.com
Re: CSO at Zynga Nils Puhlmann talk on Business Technology Summi
Thank you for this information. At our Symantec Vision 2010 conference in Barcelona last week we had a very good session hosted by one of the CSA board members of the Spanish CSA chapter, talking about his experiences of adopting the CSA guidance into his own organisation in his role as Information Security Director. I encourage everyone who is looking for those type of real-life examples to contact the local country or regional chapters of CSA, and attend cloud computing and cloud security events to hear more about best practices and real-world adoptions.
Would you like to reply?
Login or Register to post your comment.