« A View from the Other Side | Main | Risks Around Hosted Email »

June 25, 2009


Saqib Ali


NIST has published a working draft of the Cloud Computing Security presentation:

Some of the Security Advantages mentioned in the presentation are:

1. Shifting public data to a external cloud reduces the exposure of the internal sensitive data
2. Cloud homogeneity makes security auditing/testing simpler
3. Clouds enable automated security management
4. Redundancy / Disaster Recovery
5. Data Fragmentation and Dispersal
6. Dedicated Security Team
7. Greater Investment in Security Infrastructure
8. Fault Tolerance and Reliability
9. Greater Resiliency
10. Hypervisor Protection Against Network Attacks
11. Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)
12. Simplification of Compliance Analysis
13. Data Held by Unbiased Party (cloud vendor assertion)
14. Low-Cost Disaster Recovery and Data Storage Solutions
15. On-Demand Security Controls
16. Real-Time Detection of System Tampering
17. Rapid Re-Constitution of Services
18. Advanced Honeynet Capabilities

What are your thoughts on these benefits?

Dan Blum

I don't think all of these are security advantages, for example, I disagree completely with (1). Many of those cited as advantages are not unique to public clouds. Those advantages that are unique to large public clouds (like greater resiliency) are only potential advantages depending on the actual implementation and many other factors.


Saqib Ali


I agree that it will depend on the actual implementation. It usually does for everything. For e.g. you can create world's most secure cipher, but the poor implementation is usually the weakest link.

But in theory, if cloud services are implemented properly, I think NIST's list of advantages hold true.


The comments to this entry are closed.

  • Burton Group Free Resources Stay Connected Stay Connected Stay Connected Stay Connected

Blog powered by Typepad