Sister CISA CISSP

Nov 5 2008   12:01AM GMT

Still Up in the Cloud(s)

Arian Eigen Heald

Per my previous post, it seems that there is suddenly a lot of discussion in the security blogosphere about cloud computing and its security (or lack thereof). Seems a number of people have taken note of Microsoft’s entry (Azure) into Data Center business development. A lot of really good questions are being asked.

How are these environments going to be secured? I have yet to see anything solid provided. Evidently vendors are content to “wait” until businesspeople tell them what they want. What if they never ask? Where is there a baseline for systems? Access controls? Dare I say “secure software development lifecycle?”

Nothing yet.

For some painful laughter, try reading a poetic critique of cloud computing here from Christopher Hoff.

Follow that up with a dose of reality as to the real origin of “cloud” computing from Reuven Cohen:

I hate to tell you this, it wasn’t Amazon, IBM or even Sun who invented cloud computing. It was criminal technologists, mostly from eastern Europe, who did. Looking back to the late 90’s and the use of decentralized “warez” darknets. These original private “clouds” are the first true cloud computing infrastructures seen in the wild. Even way back then the criminal syndicates had developed “service oriented architectures” and federated id systems including advanced encryption. It has taken more than 10 years before we actually started to see this type of sophisticated decentralization to start being adopted by traditional enterprises.

and you begin to see the general take on cloud computing as it is currently being described. I like “thin client” computing. You can put a lot of controls in place that allow a user to have a desktop of their own AND not allow any malware in beyond the next reboot. It makes me nervous to think about some big corporation holding all my data, but banks do it all the time with mainframe applications. That’s where Metavante and Jack Henry, for instance, make their money.

But how do we audit these clouds? It still comes down to WHO has ACCESS to WHAT.
