Cloud computing security developments

Last week’s excellent ISSA-UK Chapter meeting, kindly hosted by KPMG, highlighted two interesting security developments in cloud computing.

The first was that this is a rapidly developing subject area. At the start of 2009, very little analysis on the risks and solutions could be found. Now we have several guidelines and can listen to a raft of articulate presentations on the subject. 

The second is that some security thinking on this subject is misconceived: recommending that clients undertake rigorous due diligence, audits and real-time monitoring. That approach would bring vendor services to a halt and lead to a massive duplication of effort.

The whole point of cloud services is to deliver a standardized, uninterrupted service. Vendors should be persuaded to provide the highest level of independent assurances to clients. That’s where our attention should now focus: on agreeing the nature of the standards, assurances and ongoing information feeds that we need.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

with enterprises still hesitant to adopt cloud computing, is is no surprise that they pretty much echo one another regards the concerns of security and reliability in the 'cloud' This topic relates to Global Security Challenge LLP's latest competition, The Cloud Security Challenge 2010. We invite ideas/innovations that help to make cloud computing secure and reliable to enter. Backed by HP Labs, 1st prize is $10,000, exclusive mentoring along with access to HP Labs testing facilities. The Cloud Security Challenge 2010 is also supported by cloudsecurity,org and Please visit www.globalsecuritychallenge for more details and entry submission. We are always on the look out for organisations like Novell to become involved and welcome inquiries of this nature also. All the best, Team GSC