Page 3 of 3
Vetting cloud providers for the degree of security they can provide isn't yet straightforward. That's starting to change, however, as both cloud providers mature, and industry groups pull together ways to quantify cloud security. Late last year the Cloud Security Alliance (CSA) released its Cloud Controls Matrix (CCM) as a way to help cloud services providers, customers, and solution providers to assess the overall security risk of a cloud provider. The CCM is a controls framework that helps all parties align security to things like cloud architecture, legal and e-Discovery, compliance and audit, application security, and others.
CSA is also working on the development of cloud security and privacy standards with the International Organization for Standardization /International Electrotechnical Commission (ISO/IEC) to build guidelines on information security controls for the use of cloud computing services based on Information Security Management System controls.
While such standards and best practices are starting to mature for the cloud, security applications specifically designed for cloud computing, are starting to surface. Earlier this year, cloud encryption provider CipherCloud launched data encryption and tokenization services for a number of cloud platforms, such as Salesforce.com and Google Apps. Through a virtual appliance, data is encrypted before it is sent to the cloud application. The encryption keys reside within the enterprise and are not extended out onto any cloud services.
Also earlier this year, security firm CloudPassage announced it would help reign firewall and system configurations within the cloud. The company says its Halo SVM (Server Vulnerability Management) and Halo Firewall are the first server security and compliance services built specifically for clouds. "It's good to see vendors that are trying to tackle some of these issues with cloud-based solutions," says Securosis' Rothman.
Solution providers, for their part, say they are prepared to tackle the thorny issues that cloud security entails.
"There's nothing new about the security used in the cloud," adds Ramsey. "For us and other service companies bringing services to the cloud is another delivery model for something already being delivered in other ways. And the disruption cloud brings to the market makes it a great time to be in services," he says.
<< Previous | 1 | 2 | 3