Friday, October 23, 2009

Cloud Computing Security Trends and Issues

Gartner’s positioning of cloud computing at the top of its top 10 strategic technologies for 2010 confirms that cloud computing has arrived and is here to stay. Cloud computing will help businesses achieve their goals of cost optimization, efficiency, improving decision-making, increasing revenue, and improving collaboration with colleagues and customers.
Just as cloud computing is changing the technology and business landscape of enterprise computing, it’s also changing the security landscape from the earlier approach of building a perimeter, which is still required, to other tasks such as monitoring user activity. This is necessary because employees are increasingly interacting and posting information on social-media sites outside of their firewalls; abusing their access to internal systems; and clicking on links that may infect their networks with malware. “Security – activity monitoring” is also on Gartner’s list of top 10 strategic technologies for 2010, emphasizing the importance of adapting security to support cloud computing.
In this article in InformationWeek, Pacific Labs CIO Jerry Johnson identifies protecting information containers such as workstations, servers, and portable media, and protecting information itself with digital rights management as important initiatives for cloud computing security. Again, building a perimeter around the network is not enough.
panel of information security experts at the InformationWeek 500 conference spoke about another aspect of cloud computing that is changing the security landscape: virtualization. The issue with virtualization is that networks, storage, and applications may change physical locations, and security must account for this. This blog post and video from Cisco Systems briefly explains the benefits and security implications of virtualization. This article summarizes other security issues that the InformationWeek 500 security panel discussed.
There are many articles expressing concern about security with cloud-computing providers. One issue here is that customer data resides in the data centers of cloud providers along with data from other customers. Eva Chen, CEO of Trend Micro, suggests in this article that customers use identity-based encryption to protect their data so that only they can access their data with an encryption key. This also addresses concerns about virtualization, because no one but the customer can view the encrypted data no matter where it resides.
Another security issue with cloud computing is that employees will have access to many more niche applications, such as business intelligence,enterprise mashup dashboards, price optimization, and enterprise relationship management, that quickly provide business value. End users and IT departments will need a way to manage the access to so many cloud-based applications. TriCipher provides a cloud-based authentication and single sign-on solution, myOneLogin, which allows end users to access their authorized applications with a single user name and password. TriCipher’s solution also allows administrators to quickly and centrally grant and revoke access to applications.
For more information, the Cloud Security Alliance provides a wealth of information about cloud security, including this 83-page guide, “Security Guidance for Critical Areas of Focus in Cloud Computing.” SC and CSO magazines focus exclusively on information security; SC magazine is launching a webcast channel for information security here. Finally, RSA issued this news release of seven guiding principles to “maximize megatrends redefining the information security industry.”
As enterprises move toward cloud computing solutions for efficiency, cost optimization, flexibility, and return on investment, security professionals and vendors are adapting and adding value to the new computing model.
What are the security issues your organization sees with cloud computing, and what are some of the steps you’re taking?

No comments:

Post a Comment