
Cloud computing group to face challenges ahead

By Eric Ogren
15 Apr 2009 | SearchSecurity.com



The new Cloud Security Alliance (CSA) has a number of hurdles to climb if it expects to foster a meaningful discussion about cloud computing and provide useful data for organizations planning cloud implementations. The organization announced its formation earlier this month and plans to release a whitepaper in conjunction with its official launch at the RSA Conference in San Francisco.

The CSA is an interesting collection of personalities and interests that have demonstrated successes in security and Internet-oriented businesses. They founded the organization with a mission "to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing."

This is not the first, nor will it be the last, security alliance that was formed to get ahead of security issues that may stunt the growth of enticing new technologies. A search on "security alliances" will quickly uncover similar organizations including the Internet Security Alliance, Voice over IP Security Alliance, Document Security Alliance and Radio Frequency Identification (RFID) Security Alliance. Security practitioners are well-schooled in talking about potential security pitfalls in new technologies and in making best practices recommendations.

The primary issue that will determine the influence of the CSA is focus. With so many diverse membership interests and ambitious goals, a boiling ocean of scenarios can arise, ending in results that are too vague to be translated into practical steps for IT. The initial CSA mission statement and cursory domains of best practice research are extraordinarily broad.

To begin, there is not a universally accepted definition of the cloud. Market sizing and hype around cloud computing vary, with IDC predicting a $42 billion market by 2012, Gartner seeing a 21.3% revenue increase in 2009 to $56.3 billion, and Merrill Lynch forecasting a $160 billion market by the close of 2011. Each firm uses a different definition of cloud computing, which helps explain the wide variance in market sizing estimates.

A further example comes from the recently announced 159-member Open Cloud Manifesto group, which is attempting to work on six models of cloud computing:

  1. End user to cloud
  2. Enterprise to cloud to end user
  3. Enterprise to cloud (integration)
  4. Enterprise to cloud to enterprise
  5. Enterprise to cloud (portability)
  6. Private (intra) cloud

Whatever the cloud is, data storage and application processing are conducted off the corporate network, which means security will be a critical capability. While the manifesto organization presents use cases of cloud computing, the security alliance is tackling 15 "Domains of Concern" that would each qualify for its own security alliance organization:

  1. Information lifecycle management
  2. Governance and Enterprise Risk Management
  3. Compliance and Audit
  4. General Legal
  5. eDiscovery
  6. Encryption and Key Management
  7. Identity and Access Management
  8. Storage
  9. Virtualization
  10. Application Security
  11. Portability and Interoperability
  12. Data Center Operations Management
  13. Incident Response, Notification, Remediation
  14. "Traditional" Security impact (business continuity, disaster recovery, physical security)
  15. Architectural Framework

Like clouds themselves, expect the Cloud Security Alliance to start out broadly and then find an area where it can contribute positively. This is a massive undertaking without a great deal of customer experience to draw upon. The CSA may be better served by first focusing on two or three of the domains and a few of the manifesto group's cloud models to get feedback from the IT community. IT should review the CSA work to cherry-pick ideas for RFPs and RFIs as corporate requirements evolve. Both the Cloud Computing Alliance and the Open Cloud Manifesto have LinkedIn groups and can use some help, especially from security professionals working in large enterprises with service provider class networks.


Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be reached by sending an email to eric@ogrengroup.com.
