News Stay informed about the latest enterprise technology news and product updates.

Cloud computing group to tackle security concerns

A new organization will address the security concerns inherent with cloud computing.

A new organization plans to provide security advice to companies adopting cloud computing products.
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The Cloud Security Alliance announced its formation this week. The nonprofit organization will be formally launched April 21 at the RSA Conference 2009 in San Francisco. It will promote the use of best practices for securing cloud computing and educate people on how cloud computing can secure other forms of computing.

Security consultant Jim Reavis, co-founder of the alliance, said the organization wants to provide security education and guidance to companies implementing cloud computing. The organization will also help cloud computing vendors address security in their software delivery model, he said.

Cloud computing:
Will cloud computing and virtualization save the day? Will cloud computing and virtualization make enterprises more secure or leave them more vulnerable?

How to Secure Cloud Computing: On-demand computing services can save both large enterprises and small businesses a lot of money, but security and regulatory compliance become difficult.

"There's always been a connection to an enterprise managing information and having the facilities to do that, but with cloud computing your separating the information you're accountable for and stewardship of that is going to a third party," Reavis said.

Cloud computing is on-demand access to information technology services. Virtualization is the means by which companies access those services, Reavis said. According to Gartner, by 2011 early technology adopters will purchase 40% of their IT infrastructure as a service, "untying applications from specific infrastructure." Security vendors have been retooling their applications under VMware's VMsafe program. Symantec Corp., McAfee Inc., Trend Micro Inc. and others are integrating security tools to address virtualization.

The new alliance will release a technical paper at RSA called "Guidance for Critical Areas of Focus in Cloud Computing." The paper outlines issues that must be addressed for customers and providers of cloud computing. Reavis said the paper is very comprehensive, covering the legal, technology and management issues associated with cloud computing.

"We've farmed out areas to a subject matter expert to look at what are the key risks and opportunities and what's the key guidance we can provide to the consumers of cloud services," he said. "We want to provide pretty pragmatic stuff."

Throughout the year the group also plans to offer expert advice from people in various industries to provide best practice recommendations to companies adopting cloud computing products.

The organization is led by cloud computing and security experts and supported by founding charter companies PGP Corp., Qualys, Inc. and Zscaler, Inc. Security expert and blogger Chris Hoff will serve as the organization's technical director.

Another organization recently launched to address the security challenges associated with cloud computing and support the market growth of the technology. Called the Open Cloud Manifesto, the organization lists security, data and application interoperability and portability, management and governance, and metering and monitoring as some of the areas that need to be addressed by the industry. It counts EMC Corp., IBM Internet Security Systems, Novell Inc. and Sun Microsystems Inc. among its backers.

Dig Deeper on Virtualization security issues and threats

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.