Cloud security: The good, bad and ugly

Cloud security is on everyone’s mind, but opinions vary wildly

Everyone is talking about cloud computing, but security issues are stalling widespread adoption. While vendors work to address enterprise concerns (the good), experts warn there’s no easy fix (the bad). Meanwhile, cloud service outages and criminals operating in the cloud (the ugly) threaten enterprise acceptance of the utility computing model. Here’s a roundup of our most recent cloud security coverage, starting with some positive advances.

The good: Research, partnerships and products

How to reliably audit your cloud provider security One of the biggest issues with cloud services is that there's no reliable mechanism that allows cloud customers to audit their provider’s security when and how they want to. Cloud customers want the ability to run their own security audits, ensure that proper security measures are always in place, and be able to control security policies inside their own private cloud. Network World blogger James Heary discusses the issues and a possible solution from RSA, Intel and VMware.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Everyone is talking about cloud computing, but security issues are stalling widespread adoption. While vendors work to address enterprise concerns (the good), experts warn there’s no easy fix (the bad). Meanwhile, cloud service outages and criminals operating in the cloud (the ugly) threaten enterprise acceptance of the utility computing model. Here’s a roundup of our most recent cloud security coverage, starting with some positive advances.

The good: Research, partnerships and products

How to reliably audit your cloud provider security One of the biggest issues with cloud services is that there's no reliable mechanism that allows cloud customers to audit their provider’s security when and how they want to. Cloud customers want the ability to run their own security audits, ensure that proper security measures are always in place, and be able to control security policies inside their own private cloud. Network World blogger James Heary discusses the issues and a possible solution from RSA, Intel and VMware.

City of Carlsbad connects to the cloud The human resources people at Microsoft were somewhat taken aback when the city of Carlsbad, Calif., started grilling them on what types of background checks Microsoft performs on its own employees. But Gordon Peterson, director of IT for the seaside city just north of San Diego, says that before he would allow municipal e-mails to live in Microsoft's cloud he wanted assurances that the background checks Microsoft conducts on its people were as thorough as the checks Carlsbad conducts on its IT workers. "Security was a big part of the RFP," Peterson says.

How to protect your cloud data The Cloud Security Alliance published the second edition of its guidelines for secure cloud computing, delivering a voluminous document that sets out an architectural framework and makes a host of recommendations around cloud security.

Cloud computing security challenges unite hosting providers, security specialists As cloud computing adoption climbs, hosting providers are inking deals with security vendors to provide security-as-a-service options to customers. But will enterprise IT managers buy into these often novel forms of security woven into a cloud computing environment?

CIA building secure cloud-based system One of the U.S. government's strongest advocates for cloud computing is also one of its most secretive operations: the Central Intelligence Agency. Jill Tummler Singer, the CIA's deputy CIO, said that the spy agency is adopting cloud computing in a big way based on its belief that cloud technology makes IT environments more flexible and secure when kept within a firewall. Computerworld reports the details.

McAfee scans cloud environments for security vulnerabilities McAfee announced a vulnerability-assessment scanning service that's aimed at giving cloud-computing service providers a way to provide security assurances to their customers. Called the McAfee Cloud Secure Program, the daily scanning service is directed from the Internet into the cloud service provider to probe for any weaknesses in the network infrastructure, perimeter and applications