Black Hat 2010: 10 Security Hotspots for CIOs - Cloud Security Challenges
(
Page 2 of 11 )
As you probably know, the Cloud is the mass-market, low-cost, commodity abstraction of hyper-scalable computer, network and storage capabilities. These are delivered as a managed service, replacing and/or augmenting what was once an in-house collection of physical IT infrastructure, platforms, and software. This dramatic change in how information is stored, accessed, and transferred certainly opens up cloud computing to many security concerns. Primary among these is that, with cloud solutions, the traditional boundaries of an information system – for example, a firewall that surrounds the perimeter of an organization's physical IT infrastructure -- either disappear and/or continuously move based on the business needs for the system. Additionally, trust and security for the service is typically transferred to the cloud provider's physical and virtual infrastructure, while the legal liability remains with the enterprise using the cloud service.As you consider the cloud for any off-site hosted infrastructure, platform, or software services, your organization should only look to outsource routine processes and systems. Once the decision has been made to outsource, it is critical that you have a clear view into the steps the cloud provider has taken to continuously protect your data, the operating systems and the applications accessing and storing that data, including the virtual and physical systems tasked with hosting your environments. These are the top three things to look for:
- Data Confidentiality: Who has access to the system and its data, from which locations/systems/applications, and for which activities. Are there other Cloud instances residing physically next to yours, such as that of your biggest competitor?
- Data Integrity: How are the providers controlling and monitoring how the data has been accessed or manipulated; are they employing any identity management and/or timestamping technologies to authorize access and prove data integrity?
- Data Availability: How are they ensuring operational continuity of the systems and consumption of the data – what are the redundancy, failover, archiving, and recovery technologies and processes?
test
