« A View from the Other Side | Main | Risks Around Hosted Email »

June 25, 2009

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341e76b553ef0115706522a2970c

Listed below are links to weblogs that reference Cloud Computing: Who is in Control?:

Comments

Saqib Ali

Dan,

NIST has published a working draft of the Cloud Computing Security presentation:
http://csrc.nist.gov/groups/SNS/cloud-computing/index.html

Some of the Security Advantages mentioned in the presentation are:

1. Shifting public data to a external cloud reduces the exposure of the internal sensitive data
2. Cloud homogeneity makes security auditing/testing simpler
3. Clouds enable automated security management
4. Redundancy / Disaster Recovery
5. Data Fragmentation and Dispersal
6. Dedicated Security Team
7. Greater Investment in Security Infrastructure
8. Fault Tolerance and Reliability
9. Greater Resiliency
10. Hypervisor Protection Against Network Attacks
11. Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)
12. Simplification of Compliance Analysis
13. Data Held by Unbiased Party (cloud vendor assertion)
14. Low-Cost Disaster Recovery and Data Storage Solutions
15. On-Demand Security Controls
16. Real-Time Detection of System Tampering
17. Rapid Re-Constitution of Services
18. Advanced Honeynet Capabilities

What are your thoughts on these benefits?

Dan Blum

Saqib,
I don't think all of these are security advantages, for example, I disagree completely with (1). Many of those cited as advantages are not unique to public clouds. Those advantages that are unique to large public clouds (like greater resiliency) are only potential advantages depending on the actual implementation and many other factors.

Dan

Saqib Ali

Dan,

I agree that it will depend on the actual implementation. It usually does for everything. For e.g. you can create world's most secure cipher, but the poor implementation is usually the weakest link.

But in theory, if cloud services are implemented properly, I think NIST's list of advantages hold true.

Saqib

The comments to this entry are closed.

  • Burton Group Free Resources Stay Connected Stay Connected Stay Connected Stay Connected


Blog powered by Typepad