 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Cloud computing security
An intriguing piece in Defense Systems indicated that the US Army is deploying a cloud based military intelligence system in Afghanistan. Let’s hope it’s secure.
ENISA’s Cloud Computing: Benefits, Risks and Recommendations for Information Security is another
good report from the European Network Information Security Agency: “The key conclusion of this paper is that the cloud’s economies of scale and flexibility are both a friend and a foe from a security point of view.
The massive concentrations of resources and data present a more attractive target to attackers, but cloud-based defences can be more robust, scalable and cost-effective ...”
The Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing covers
most of the security risks. The CSA’s 50-question US$295 online (presumably cloud-computing based!) test for their Certificate of Cloud Security Knowledge (CCSK) has already spawned sites offering assistance
and information to those desperate for a qualification ... almost any qualification ...
The presentations are available from a NIST workshop on cloud computing held in May 2010. NIST has a project looking into the security aspects of cloud computing. It has released SP 800-145 A NIST Definition of Cloud Computing in an attempt to scope or get a handle on cloud computing, an inherently nebulous concept, and SP 800-144 Guidelines on Security and Privacy in Public Cloud Computing with an introduction to cloud security issues.
Read Computer Weekly’s take on cloud computing security.
Never one to miss a wave, here’s Gartner’s list of 7 cloud risks.
Virtualization security
IEEE has launched a project to develop interoperability standards for cloud computing. The main driver appears at this point to be enabling portability of cloud apps between [virtual] platforms.
NIST’s SP 800-125 Guide to Security for Full Virtualization Technologies is just 35 pages long but
basically describes the state of the art in virtualization security.
Network World’s recent review of products to secure virtual platforms was unable to choose an overall winner: the market is probably too immature.
A simple introduction to the security aspects of virtual systems promotes patching and hardening. Fair enough.
Related NoticeBored links collections
IT governance, Internet & network security, information security risk management, IT operations,
compliance, contingency planning, malware, hacking, social engineering, application security.
NB: we do not necessarily endorse or agree with the third party websites accessible through the links. Use at your own risk. Please let us know about new or broken links.
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Copyright © 2012 IsecT Ltd.