Book: Cloud Security and Privacy

February 14th, 2010 by Dave Lewis

I have had several occasions to talk with people about cloud security, and more often than not they have little to no understanding as to what the implications of cloud security are or what is even available. An excellent resource is this book, “Cloud Security and Privacy”, written by several founding members of the Cloud Security Alliance.

Here’s more from the description on Amazon:

You may regard cloud computing as an ideal way for your company to control IT costs, but do you know how private and secure this service really is? Not many people do. With Cloud Security and Privacy, you’ll learn what’s at stake when you trust your data to the cloud, and what you can do to keep your virtual infrastructure and web applications secure.

Ideal for IT staffers, information security and privacy practitioners, business managers, service providers, and investors alike, this book offers you sound advice from three well-known authorities in the tech security world. You’ll learn detailed information on cloud computing security that, until now, has been sorely lacking.

* Review the current state of data security and storage in the cloud, including confidentiality, integrity, and availability
* Learn about the identity and access management (IAM) practice for authentication, authorization, and auditing of the users accessing cloud services
* Discover which security management frameworks and standards are relevant for the cloud
* Understand the privacy aspects you need to consider in the cloud, including how they compare with traditional computing models
* Learn the importance of audit and compliance functions within the cloud, and the various standards and frameworks to consider
* Examine security delivered as a service, a different facet of cloud security

A good read for those wanting to learn more.


A6 Rebrands As CloudAudit.org

February 13th, 2010 by Dave Lewis

So what, might you ask, is Cloud Audit? Chris Hoff has a write-up on the launch of the new site CloudAudit.org.

From Rational Survivability:

I’m happy to announce that the Automated Audit, Assertion, Assessment, and Assurance API (A6) working group is organizing under the brand of “CloudAudit.” We’re doing so to enable reaching a broader audience, ensure it is easier to find us in searches and generally better reflect the mission of the group. A6 remains our byline.

We’ve refined how we are describing and approaching solving the problems of compliance, audit, and assurance in the cloud space and part of that is reflected in our re-branding.

Here is the preamble from the new site.

From Cloudaudit.org:

The goal of CloudAudit (codename: A6) is to provide a common interface that allows cloud computing providers to automate the Audit, Assertion, Assessment, and Assurance (A6) of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments and allow authorized consumers of their services to do likewise via an open, extensible and secure interface and methodology.

CloudAudit is a volunteer cross-industry effort from the best minds and talent in Cloud, networking, security, audit, assurance and architecture backgrounds.

For more, read the entire posting over on Hoff’s blog, Rational Survivability.


(Image used under CC from Florin Mogos)

Websense Unifies Cloud, On-Premises Security Management

February 13th, 2010 by Dave Lewis

The vendor gold rush is underway.

From eWeek:

As security vendors have added cloud-based services to their portfolios, there have been ongoing discussions about how best to combine these services with on-premises security products.

While many vendors offer both delivery models, Websense took it a step further Feb. 9 with a new platform that integrates data loss prevention, secure Web gateway and e-mail security while allowing users to manage the company’s on-premises and cloud security offerings through a single console.

Trend Micro announced something similar back in November. Now, this is an offering that is currently only available to early adopters. It would be interesting to see more information on this offering.


(Image used under CC from US Army Korea – IMCOM)

Cloud Providers Shrug Off Liability For Security

February 13th, 2010 by Dave Lewis

The calendar may show a different date, but the argument remains the same. Back in ’99 I had a protracted/heated exchange with my corporate ISP regarding DDoS attacks. Their logic was simple. Not our problem. They used the analogy of a cab. We get you there, but that’s it.

Ugh.

From ZDNet:

At a Cloud Law Summit in London on Wednesday, Microsoft’s head of legal, Dervish Tayyip, said the company would not provide financial guarantees against data-protection issues on cloud contracts.

“We’re not an insurance company,” Tayyip told ZDNet UK. “What is important is that customers understand the [cloud] offerings are standardised — they are what they are. If the offering does not meet customer needs, maybe the cloud is not a realistic offering.”

Wow. How not to win the hearts and minds of potential customers.


(Image used under CC from Philipp Klinger)

Private Cloud Deployments: Top 8 Planning Requirements

February 13th, 2010 by Dave Lewis

Here is an article that appeared in the San Francisco Gate today. It provides a list of considerations for private cloud deployments.

From SF Gate:

Virtualization is understood as one of the key building blocks for private clouds. As a dynamic technology that enables IT organizations to reinvent how they think about management, it has the potential to make some things easier or make all things harder. Silo buying, heterogeneity, politics, poor integrations, and immature management tools can inhibit virtualization’s full value.

For the full list, read on.


(Image used under CC from Globetoppers)

Microsoft Calls For Cloud Security Legislation

January 22nd, 2010 by Dave Lewis

Hmm. Ask the government to force them to secure their own cloud?

Odd.

From V3.co.uk:

Microsoft has called on the US government and the IT industry to take immediate steps to improve the security of cloud computing.

Brad Smith, senior vice president and general counsel at Microsoft, told a Brookings Institution policy forum on Wednesday that businesses need more reassurance when moving data from on-premise infrastructures to private and public clouds.


(Image used under CC from stansich Flickr Stream)
