Addressing cloud computing security concerns
Friday, December 11, 2009 by Anthony Plewes
Cloud computing is a staggeringly popular topic. Huge swathes of the work we did in 2009 related to cloud computing services and the trend looks set to continue into next year. Just about all parts of the information communications technology (ICT) industry are positioning themselves to take advantage of the predicted stratospheric growth. Although all hyped technologies will get their comeuppance at some point, cloud computing is unlikely to make much headway in enterprises if it they are worried about security.
Enterprise concerns over security are perfectly understandable: as a shared medium, how can they be sure that their data isn’t leaking into their competitors environment, and in fact are they even able to tell were their data is even stored. The latter issue can have a major regulatory impact in a number of areas, such as PCI-DSS compliance. Hackers are already reportedly rubbing their hands with glee at the prospect of hacking cloud computing environments. At the recent Black Hat conference, speakers demonstrated how to attack the cloud and a Trojan keylogger was reportedly found on Amazon’s AWS site only this week.
Given the importance of security to cloud computing’s success there’s little surprise that the industry is making solving the issue a priority. Here are some interesting resources & articles:
- The European Network and Information Security Agency has published a report on the risks of cloud computing;
- The Jericho Forum famous for its work on deperimeterisation published a white paper on cloud computing security earlier this year;
- In June, Jericho Forum and the Cloud Security Alliance joined up to address security. I was expecting to see a result on this collaboration in the autumn, but I haven’t seen anything yet;
- Ariel Silverstone suggests some metrics for measuring the security of your cloud computing providers;
- ISACA has published a white paper that looks at some of the security issues;
- The CSA and Novell are running an interesting looking webinar on Cloud security next week.
