Securing The Cloud

By Ben Halpert — September 08, 2008

What is cloud computing? In its most basic form, cloud computing is outsourced hosting of data and services. It's often referred to as utility computing or grid computing.

There is no loss of praise for cloud computing. The many benefits being touted by industry press and analysts include cost savings, being "Green" and achieving on-demand access to applications from anywhere. That is, until we start talking about the potential risks and security implications of leveraging cloud computing.

The three basic tenets of information security and assurance are confidentiality, integrity, and availability, also known as CIA.

Confidentiality provides that information is only accessible to intended parties. Integrity ensures that the information has not been modified. Availability implies that information is available when it is needed.  

Applying the concepts of CIA to cloud computing environments at a cursory level, these are a few questions you should ask your cloud computing provider:

  • From a confidentiality perspective, what controls are in place to ensure that other cloud customers can't view personal or organizational data?

  • What about integrity; what assurances are provided that data has not been changed while "in the cloud."

  • From an availability perspective, how can you ensure that data will be available and will be in a usable form when it is most needed?

  • Where is the empirical evidence to prove any security assertions provided? Has an independent third party assessed your cloud computing environment?

This discussion should provide you with a good starting point to determine if cloud computing makes sense for your environment based on the security controls provided in the cloud.

Ben Halpert, CISSP, is an information security researcher and practitioner and writes monthly about security.  Comments, questions and requests can be sent to him at editor@mobileenterprisemag.com; please include SECURITY in the subject line.

POST A COMMENT

comments powered by Disqus

RATE THIS CONTENT (5 Being the Best)

12345
Current rating: 0 (0 ratings)

MOST READ STORIES

topics

Must See


FEATURED REPORT

Mobility Outlook 2015: People & Process Coming Together

The progression of mobility in the enterprise so far is akin to a child entering its early awkward teenage years, according to 451 Analyst Chris Marsh. How will this change in 2015? What trends need to go and what's coming? This exclusive report explores looks ahead and Marsh provides practical recommendations.