Cloud security: The good, bad and ugly

Cloud security is on everyone’s mind, but opinions vary wildly

While vendors work to address enterprise concerns about cloud computing security, experts warn there’s no easy fix. Meanwhile, cloud service outages and criminals operating in the cloud threaten enterprise acceptance of the utility computing model.

Everyone is talking about cloud computing, but security issues are stalling widespread adoption. While vendors work to address enterprise concerns (the good), experts warn there’s no easy fix (the bad). Meanwhile, cloud service outages and criminals operating in the cloud (the ugly) threaten enterprise acceptance of the utility computing model. Here’s a roundup of our most recent cloud security coverage, starting with some positive advances.

The good: Research, partnerships and products

How to reliably audit your cloud provider security One of the biggest issues with cloud services is that there's no reliable mechanism that allows cloud customers to audit their provider’s security when and how they want to. Cloud customers want the ability to run their own security audits, ensure that proper security measures are always in place, and be able to control security policies inside their own private cloud. Network World blogger James Heary discusses the issues and a possible solution from RSA, Intel and VMware.

City of Carlsbad connects to the cloud The human resources people at Microsoft were somewhat taken aback when the city of Carlsbad, Calif., started grilling them on what types of background checks Microsoft performs on its own employees. But Gordon Peterson, director of IT for the seaside city just north of San Diego, says that before he would allow municipal e-mails to live in Microsoft's cloud he wanted assurances that the background checks Microsoft conducts on its people were as thorough as the checks Carlsbad conducts on its IT workers. "Security was a big part of the RFP," Peterson says.

How to protect your cloud data The Cloud Security Alliance published the second edition of its guidelines for secure cloud computing, delivering a voluminous document that sets out an architectural framework and makes a host of recommendations around cloud security.

Cloud computing security challenges unite hosting providers, security specialists As cloud computing adoption climbs, hosting providers are inking deals with security vendors to provide security-as-a-service options to customers. But will enterprise IT managers buy into these often novel forms of security woven into a cloud computing environment?

CIA building secure cloud-based system One of the U.S. government's strongest advocates for cloud computing is also one of its most secretive operations: the Central Intelligence Agency. Jill Tummler Singer, the CIA's deputy CIO, said that the spy agency is adopting cloud computing in a big way based on its belief that cloud technology makes IT environments more flexible and secure when kept within a firewall. Computerworld reports the details.

McAfee scans cloud environments for security vulnerabilities McAfee announced a vulnerability-assessment scanning service that's aimed at giving cloud-computing service providers a way to provide security assurances to their customers. Called the McAfee Cloud Secure Program, the daily scanning service is directed from the Internet into the cloud service provider to probe for any weaknesses in the network infrastructure, perimeter and applications

Start-up links VMware with Amazon to create secure cloud storage A storage start-up called Nasuni is unveiling a virtual NAS file server that runs on VMware and connects customers to cloud platforms such as Amazon's Simple Storage Service, adding encryption to enhance security and several features to improve performance.

SafeNet looks to secure data in the cloud Encryption vendor SafeNet is now offering technologies that help enterprises securely store and access information held in third-party data centers.

The bad: Confusion and concern

Former NSA tech chief: I don't trust the cloud The former National Security Agency technical director says he doesn't trust cloud services and bluntly admonished vendors for leaving software vulnerabilities unpatched sometimes for years. Speaking for himself and not the agency, Brian Snow says that cloud infrastructure can deliver services that customers can access securely, but the shared nature of the cloud leaves doubts about attack channels through other users in the cloud. "You don't know what else is cuddling up next to it," he told RSA Conference attendees.

Cloud security: Root of trust The risks in cloud computing can be quite different from on-premises computing, says Andreas Antonopoulos of Nemertes Research. We have to secure our systems against at least three different angles of attack: those from the Internet; those from other "tenants"; and those from the cloud computing provider's staff.

Security of virtualization, cloud computing divides IT and security pros Security pros don’t see eye to eye when discussing the security implications of virtualization and cloud computing. One-third of those polled by Applied Research believe both techs make security harder, while another third said “more or less the same” and the last group said “easier."

Cloud security fears are overblown, some say It may sound like heresy to say it, but it's possible to worry a little too much about security in cloud computing environments, some experts say. Keeping data secure is critical, of course, but companies need to be realistic about the level of security they achieve inside their own business, and how that might compare to a cloud provider such as Amazon Web Services or "I think a lot of security objections to the cloud are emotional in nature, it's reflexive," said Joseph Tobolski, director for cloud computing at Accenture. "Some people create a list of requirements for security in the cloud that they don't even have for their own data center."

Researchers advise cyber self defense in the cloud Security researchers are warning that Web-based applications are increasing the risk of identity theft or losing personal data more than ever before. The best defense against data theft, malware and viruses in the cloud is self defense, but getting people to change how they use the Internet, such as what personal data they make public, won't be easy.

Security worries muddy cloud computing promises (podcast) Dave Hansen, corporate senior vice president and general manager of the Security and Compliance business unit at CA discusses cloud security and privacy in an effort to separate reality from hype. (10:47)

The ugly: Hacks and outages

The biggest cloud on the planet is owned by ... the crooks Who's got the biggest cloud in the tech universe? Google? Pretty big, but no. Amazon? Lots and lots of servers, but not even close. Microsoft? They're just getting started. Household names all, but their capacity pales to that of the biggest cloud on the planet, the network of computers controlled by the Conficker computer worm.

Twitter/Google Apps hack raises questions about cloud security Questions about cloud security and the feasibility of storing critical information in Web-based services were being raised in the wake of a hacking incident involving Twitter and Google Apps.

Amazon called out over cloud security, secrecy Amazon's cloud computing service should not be used for applications that require advanced security and availability, the Burton Group analyst firm says in a report accusing Amazon of secrecy regarding its cloud data centers.

From Sidekick to Gmail: A short history of cloud computing outages A string of high profile cloud computing outages have grabbed headlines over the past couple of years. Inevitably, the coverage of the initial outage is followed by explanations of why the outage happened (human error, network equipment, hackers, etc.) and analysis stories pointing out the pitfalls of putting your faith in the cloud.

Latest cloud storage hiccups prompt data security questions Cloud storage providers pledge that putting valuable data into their hands is like keeping money in a bank. However, cloud computing vendors continue to be plagued with periodic shutdowns and losses of customer data, Computerworld reports.

Copyright © 2010 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022