The Cloud Security Silver Lining

By George V. Hulme
May 10, 2011 9:00 AM ET

Page 3 of 3

Vetting cloud providers for the degree of security they can provide isn't yet straightforward. That's starting to change, however, as both cloud providers mature, and industry groups pull together ways to quantify cloud security. Late last year the Cloud Security Alliance (CSA) released its Cloud Controls Matrix (CCM) as a way to help cloud services providers, customers, and solution providers to assess the overall security risk of a cloud provider. The CCM is a controls framework that helps all parties align security to things like cloud architecture, legal and e-Discovery, compliance and audit, application security, and others.

CSA is also working on the development of cloud security and privacy standards with the International Organization for Standardization /International Electrotechnical Commission (ISO/IEC) to build guidelines on information security controls for the use of cloud computing services based on Information Security Management System controls.

While such standards and best practices are starting to mature for the cloud, security applications specifically designed for cloud computing, are starting to surface. Earlier this year, cloud encryption provider CipherCloud launched data encryption and tokenization services for a number of cloud platforms, such as Salesforce.com and Google Apps. Through a virtual appliance, data is encrypted before it is sent to the cloud application. The encryption keys reside within the enterprise and are not extended out onto any cloud services.

Also earlier this year, security firm CloudPassage announced it would help reign firewall and system configurations within the cloud. The company says its Halo SVM (Server Vulnerability Management) and Halo Firewall are the first server security and compliance services built specifically for clouds. "It's good to see vendors that are trying to tackle some of these issues with cloud-based solutions," says Securosis' Rothman.

Solution providers, for their part, say they are prepared to tackle the thorny issues that cloud security entails.

"There's nothing new about the security used in the cloud," adds Ramsey. "For us and other service companies bringing services to the cloud is another delivery model for something already being delivered in other ways. And the disruption cloud brings to the market makes it a great time to be in services," he says.

<< Previous | 1 | 2 | 3

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	Tech 10: Hot Antivirus Alternatives For 2013 CRN identifies 10 vendors that have developed innovative ways to detect malware and analyze threats to better protect corporate networks. They take a giant step beyond traditional signature technologies.
	10 Emerging Security Technologies Gaining Interest, Adoption Despite some security defenses being only in their infancy, they are attracting interest for addressing BYOD issues, cloud security concerns and stolen account credentials. Here's a look at some of the top new security areas gaining industry interest.
	5 Government Intelligence Facilities You've Never Heard Of One facility has been around since the dawn of space exploration, while other buildings are still in construction. But, they all have serious data analysis and surveillance support activities associated with them.
	More Slide Shows