Posted by: admin | Posted on: July 31st, 2009 | 0 Comments
One of the more interesting sessions that I attended today discussed cloud security and some of the key issues organizations face when moving data across open, untrusted networks. These issues include the limitations of available security models, clear definition of data ownership, lack of visibility into incident management and resolution, and the need for comprehensive auditing. I walked away with the belief that the current vendor models offer customers too little control over their own data and applications to be viable in their current form.
Despite these challenges, cloud computing offers a number of benefits that make the solution an attractive opportunity, including reduced application deployment times, increased storage, reduced administration, and a pay-as-you-go model that matches expenditures with usage levels. Based on the sessions I attended, I believe that there are four fundamental areas that need to be addressed by vendors to make the cloud an attractive solution:
- Better define and implement Data/Application Security
- Provide incident management either directly, or facilitated through a trusted 3rd party
- Provide Audit and Compliance functionality
- Define an exit strategy for customers so they can bring data and applications back in house easily without incurring undue risk (e.g., loss of data)