from an upcoming article series by Char Sample, Senior Scientist, BBN Technologies and Diana Kelley, Partner, SecurityCurve
Hi All – Char and I are working on a set of CC Security articles – here’s our current abstract. Comments on what you’d like to see in the article are welcome!
Cloud Computing is generating a lot of buzz right now – and for good reason. Cloud Computing promises seamlessly integrated services without the high costs traditionally associated with large integration efforts. Cloud computing and software-as-a-service transfers a large portion of the infrastructure set-up and on-going data center management costs from the end-user enterprise to the provider in the cloud. The providers can leverage economies of scale and robust high availability at their massive data centers, passing the savings on to customers.
Although this cloud does have a silver lining, enterprises need to understand the security and business implications of going into the cloud. Without proper assessments and requirement definitions, up front, organizations could find themselves caught in a “storm” of data exposure, uncertain liability, or costly fee structures.
In this multi-part series, Char Sample and Diana Kelley provide a down to earth de-mystification of security concerns and the Cloud phenomenon. Each article begins with an overview explanation of specific cloud security concerns and concludes with a short discussion of countermeasures.
In Part One, they cover infrastructure, management, and routing – with special focus on DNS spoofing and “evil twin” clouds. Part Two discusses host security concerns and data placement considerations. Part Three addresses whether or not enterprises should consider creating their own clouds and how reputational services can help increase overall cloud security.