Cloud computing group to face challenges ahead

The Cloud Security Alliance will need to sharpen its focus if it expects to contribute useful information and foster a discussion around security in the cloud.

SearchSecurity.com

The new Cloud Security Alliance (CSA) has a number of hurdles to clear if it expects to foster a meaningful discussion about cloud computing and provide useful data for organizations planning cloud implementations. The organization announced its formation earlier this month and plans to release a whitepaper in conjunction with its official launch at the RSA Conference in San Francisco.

The CSA is an interesting collection of personalities and interests that have demonstrated successes in security and Internet-oriented businesses. They founded the organization with a mission "to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing."


This is not the first, nor will it be the last, security alliance that was formed to get ahead of security issues that may stunt the growth of enticing new technologies. A search on "security alliances" will quickly uncover similar organizations including the Internet Security Alliance, Voice over IP Security Alliance, Document Security Alliance and Radio Frequency Identification (RFID) Security Alliance. Security practitioners are well-schooled in talking about potential security pitfalls in new technologies and in making best practices recommendations.

The primary issue that will determine the influence of the CSA is focus. With so many diverse membership interests and ambitious goals, the effort risks becoming an attempt to boil the ocean, ending with results that are too vague to be translated into practical steps for IT. The initial CSA mission statement and the cursory domains of best practice research are extraordinarily broad.

To begin, there is no universally accepted definition of the cloud. Market sizing and hype around cloud computing vary, with IDC predicting a $42 billion market by 2012, Gartner seeing a 21.3% revenue increase in 2009 to $56.3 billion, and Merrill Lynch forecasting a $160 billion market by the close of 2011. Each firm uses a different definition of cloud computing, which helps explain the wide variances in market sizing estimates.

A further example comes from the recently announced 159-member Open Cloud Manifesto group, which is attempting to work on six models of cloud computing:

  1. End user to cloud
  2. Enterprise to cloud to end user
  3. Enterprise to cloud (integration)
  4. Enterprise to cloud to enterprise
  5. Enterprise to cloud (portability)
  6. Private (intra) cloud

Whatever the cloud is, data storage and application processing are conducted off the corporate network, which means security will be a critical capability. While the manifesto organization presents use cases of cloud computing, the security alliance is tackling 15 "Domains of Concern," each of which would qualify for its own security alliance organization:

  1. Information lifecycle management
  2. Governance and Enterprise Risk Management
  3. Compliance and Audit
  4. General Legal
  5. eDiscovery
  6. Encryption and Key Management
  7. Identity and Access Management
  8. Storage
  9. Virtualization
  10. Application Security
  11. Portability and Interoperability
  12. Data Center Operations Management
  13. Incident Response, Notification, Remediation
  14. "Traditional" security impact (business continuity, disaster recovery, physical security)
  15. Architectural Framework

Like clouds themselves, expect the Cloud Security Alliance to start out broadly and then find an area where it can contribute positively. This is a massive undertaking without a great deal of customer experience to draw upon. The CSA may be better served by first focusing on two or three of the domains and a few of the manifesto group's cloud models to get feedback from the IT community. IT should review the CSA work to cherry-pick ideas for RFPs and RFIs as corporate requirements evolve. Both the Cloud Computing Alliance and the Open Cloud Manifesto have LinkedIn groups and can use some help, especially from security professionals working in large enterprises with service provider class networks.


Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be reached by sending an email to eric@ogrengroup.com.
