New Guidelines for Securing the Cloud

By Lawrence Walsh  |  Print this article Print


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

The Cloud Security Alliance released new guidelines for businesses evaluating a migration to cloud computing. What it isn’t included is security as an integral part of the basic cloud computing definition, which raises the question of who is actually responsible for securing the cloud.

The Cloud Security Alliance has released the second version of its cloud computing security guidelines. The document is not a prescription for securing cloud computing assets or applications, but rather guidelines for determining risk exposure and tolerance for enterprises adopting cloud computing services.

The 76-page document is exhaustive review of cloud security considerations ranging from governance and regulatory compliance, risk management, data discovery issues, data portability and system interoperability, and operational issues. The document, which remains a work in progress by the Cloud Security Alliance working group, covers just about all the security considerations an enterprise would need to consider when evaluating cloud computing options.

As the editor of the guidelines advise:

"With so many different cloud deployment options — including the SPI service models (SPI refers to Software as a Service, Platform as a Service, or Infrastructure as a Service, explained in depth in Domain 1); public vs. private deployments, internal vs. external hosting, and various hybrid permutations — no list of security controls can cover all circumstances. As with any security area, organizations should adopt a risk-based approach to moving to the cloud and selecting security options."

What’s missing from the document is a suggestion for modifying the definition of cloud computing to include security. In a conversation earlier this week with Archie Reed, a distinguished technologist at Hewlett-Packard who is studying cloud computing and security issues, told me that everyone talks about cloud as an means to reducing cost and increasing efficiency. Security, however, remains an afterthought.

"No one says cloud security is part of the scale and elasticity of cloud services," he said in our conversation. "People are losing confidence, so the question is whether they’re willing to pay extra for these elastic services."

>> Click here to read the rest of the report and join the discussion on the Channel Cloud Computing Blog

Lawrence Walsh Lawrence Walsh is editor of Baseline magazine, overseeing print and online editorial content and the strategic direction of the publication. He is also a regular columnist for Ziff Davis Enterprise's Channel Insider. Mr. Walsh is well versed in IT technology and issues, and he is an expert in IT security technologies and policies, managed services, business intelligence software and IT reseller channels. An award-winning journalist, Mr. Walsh has served as editor of CMP Technology's VARBusiness and GovernmentVAR magazines, and TechTarget's Information Security magazine. He has written hundreds of articles, analyses and commentaries on the development of reseller businesses, the IT marketplace and managed services, as well as information security policy, strategy and technology. Prior to his magazine career, Mr. Walsh was a newspaper editor and reporter, having held editorial positions at the Boston Globe, MetroWest Daily News, Brockton Enterprise and Community Newspaper Company.

Submit a Comment

Loading Comments...