So will applying conventional security approaches and best practices be enough for low-risk, high-reward, cloud computing adoption? Most importantly, how do companies know when they are prepared to begin adopting cloud practices without undo security risks? Reiner: There are security concerns to cloud computing. Relative to the security concerns in the ideal enterprise mode of operation, there is some good systematic risk analysis to model the threats that might impinge upon this particular application and the data it processes, and then to assess the suitability of different environments for potential deployment of that stuff. There are a lot more question marks around today's generation of public-cloud services, generally speaking, than there are around the internal computing platforms that enterprises can use. So it's easier to answer those questions. It's not to say the answers are necessarily better or different, but the questions are easier to answer with respect to the … [Read more...] about Cloud Security Panel: Is cloud computing more or less secure than on-premises IT?
Security issues in cloud computing
Everyone in the IT industry is talking about cloud computing, but there is still confusion about what the cloud is, how it should be used and what problems and challenges it might introduce. This FAQ will answer some of the key questions enterprises are asking about cloud computing.What is cloud computing?Gartner defines cloud computing as "a style of computing in which massively scalable IT-related capabilities are provided 'as a service' using Internet technologies to multiple external customers." Beyond the Gartner definition, clouds are marked by self-service interfaces that let customers acquire resources at any time and get rid of them the instant they are no longer needed.The cloud is not really a technology by itself. Rather, it is an approach to building IT services that harnesses the rapidly increasing horsepower of servers as well as virtualization technologies that combine many servers into large computing pools and divide single servers into multiple virtual machines that … [Read more...] about FAQ: Cloud Computing, Demystified
Cloud computing is big even though there is less than perfect agreement on just what it is.As a measure of success, Google gets more than 25 million hits for the term "cloud computing". If you add "security" to the search you still get 20 million hits, but a lot of the hits turn out to be articles focusing on the security issues with cloud computing.A representative example is an article quoting Cisco CEO John Chambers saying that cloud computing is "a security nightmare." It's good to see that there are now some potentially meaningful efforts to think about the security issues with cloud computing.One of these is by the ad-hoc Cloud Security Alliance, which published a "Security Guidance for Critical Areas of Focus in Cloud Computing" white paper last week. Sad to say, the guidance is as focused as the white paper's title.The alliance does seem to have its heart in the right place, and the white paper provides a very good overview of what cloud computing includes, but it also … [Read more...] about Cloud Computing Security: Who Knew?
The security gaps in cloud computing demand greater scrutiny than traditional IT outsourcing models, a new Forrester report says.With traditional outsourcing models, a customer places its own servers in someone else's data center, or a service provider manages devices dedicated to that customer. But multi-tenancy rules the day in cloud computing, and customers may not know where their data is stored or how it's replicated, Forrester analyst Chenxi Wang writes in a report titled "How secure is your cloud?" "Cloud computing decouples data from infrastructure and obscures low-level operational details, such as where your data is and how it's replicated," Wang writes. "Multi-tenancy, while it is rarely used in traditional IT outsourcing, is almost a given in cloud computing services. These differences give rise to a unique set of security and privacy issues that not only impact your risk management practices, but have also stimulated a fresh evaluation of legal issues in areas such as … [Read more...] about Forrester: Need for Scrutiny Heightened in Cloud Security
Security and privacy issues over cloud computing are not very different from those surrounding any sort of IT outsourcing and need to be treated that way, security managers and analysts say in the wake of breaches involving Twitter and Google Apps.The incident has resurfaced many familiar concerns relating to cloud computing and is raising questions over a multimillion-dollar plan by the city of Los Angeles to move its e-mail and office applications to the cloud.While many of the concerns are valid, it's important to retain perspective around them, security experts said."These concerns are very similar to the concerns and risks associated with traditional data storage outsourcing, offshoring, or other forms of remote data access," said Christopher Pierson, chief privacy officer with a large financial institution, which he asked not be identified. "Within the cloud, the standard issues of user access, authentication, encryption, location of storage all exist and need to be thought … [Read more...] about Twitter breach revives security issues with cloud computing
As cloud computing adoption climbs, hosting providers are inking deals with security vendors to provide security-as-a-service options to customers. But will enterprise IT managers buy into these often novel forms of security woven into a cloud computing environment? Are security issues delaying adoption of cloud computing? Cloud Security: Ten Questions to Ask Before You Jump In There's definitely some resistance as IT and security managers struggle to sort out risk factors and compliance issues."A good number of organizations are now using what they consider to be cloud services," says Bill Trussell, managing director of security research at TheInfoPro, which just published its semi-annual survey of information security professionals at large and midsize firms in North America. But when TheInfoPro asked respondents about whether they'd use cloud-based security services in cloud computing environments, less than 15% cited that as being very likely."When asked whether … [Read more...] about Cloud Computing Security Challenges Unite Hosting Providers, Security Specialists
You know there's substance behind a technology buzzword when companies such as the Nasdaq OMX stock exchange and the New York Times publishing company use it for real production efforts. Cloud computing is the latest buzzword that vendors are using to spruce up the usual sales spiel, and the fever pitch is enough to make you think, "Dot-com boom, here we go again." While the skepticism is warranted, something very real is happening, and IT needs to pay attention.So what are Nasdaq and the Times doing? In a phrase, utility computing. Both have tapped into Amazon.com's Internet-provisioned computing and storage services -- Elastic Compute Cloud (EC2) and Simple Storage Service (S3) -- to augment their own IT resources.The Times processed 4TB of data through EC2 and S3, using a credit card to get the service going in a matter of minutes so that it could convert scans of 15 million news stories into PDFs for online distribution. Nasdaq uses S3 to deliver historical stock and mutual fund … [Read more...] about Early experiments in cloud computing
Organizations are increasingly looking to cloud computing to improve operational efficiency, reduce headcounts, and help with the bottom line. But security and privacy concerns present a strong barrier-to-entry. In an age when the consequences and potential costs of mistakes are rising fast for companies that handle confidential and private customer data, IT security professionals must develop better ways of evaluating the security and privacy practices of cloud services. Cloud computing comes in many forms: There are SaaS providers like salesforce.com; platform-as-a-service (PaaS) like Amazon's SimpleDB; Web services that offer application programming interfaces (APIs) that enable developers to exploit functionality over the Internet, such as Yahoo! Maps and Flickr; and infrastructure as service plays like those offered by Rackspace, Terramark, and Savvis. Different from traditional outsourcing where it is still very much standalone computing, cloud decouples data from infrastructure … [Read more...] about Forrester: A Close Look At Cloud Computing Security Issues
Companies looking to reduce their IT costs and complexity by tapping into cloud computing services should first make sure that they won't be stepping on any privacy land mines in the process, according to a report released this week by the World Privacy Forum.The report runs counter to comments made last week at an IDC cloud computing forum, where speakers described concerns about data security in cloud environments as overblown and "emotional." But the World Privacy Forum contends that while cloud-based application services offer benefits to companies, they also raise several issues that could pose significant risks to data privacy and confidentiality."There are a whole lot of companies out there that are not thinking about privacy" when they consider cloud computing, said Pam Dixon, executive director of the Cardiff, Calif.-based privacy advocacy group. "You shouldn't be putting consumer data in the cloud until you've done a thorough [privacy] review."According to the World Privacy … [Read more...] about Potential Privacy Gotchas in Cloud Computing
Cloud Computing can help your business reduce costs as you don’t have to invest in hardware and other physical infrastructure, your data is stored on a secure location and you only pay for what you use – there are no licensing fees associated with cloud computing.That said, there are some important legal issues that must be taken care of before you sign-up with any of the cloud vendors for your business.These issues, discussed below, are more relevant for business owners who are planning to shift to the cloud and may not really matter if you are a consumer who merely uses the cloud for storing emails or office documents. 1. The Physical Location of your Data 1a. Where is your data stored physically? 1b. If a dispute arises, what will be the place of jurisdiction?Say you are a business owner in China and your cloud service provider is based in the US. The vendor will definitely prefer settling the case in in an American court but as a customer, do you have the … [Read more...] about The Legal Issues Around Cloud Computing