Cloud Security Alliance Updates Security Guidelines

Posted 12/18/2009 at 5:13am | by Paul Lilly

0

Comments

Print

Ask any 10 people how they feel about cloud computing and you may end up with 11 answers. Or they may all voice concerns over security. Hoping to change all that, the Cloud Security Alliance on Thursday published the second edition of its guidelines for secure cloud computing.

The 76-page document (PDF) attempts to provide a strict definition on cloud computing, which the alliance labels as computer environments that feature on-demand, self-service consumption, allow broad access via networks, draw from a pool of shared computing resources, can quickly scale either up or down based on demand, and involve some type of usage metering.

"To bring these efficiencies to bear, cloud providers have to provide services that are flexible enough to serve the largest customer base possible, maximizing their addressable market. Unfortunately, integrating security into these solutions is often perceived as making them more rigid," the document states. "This rigidity often manifests in the inability to gain parity in security control deployment in cloud environments compared to traditional IT. This stems mostly from the abstraction of infrastructure, and the lack of visibility and capability to integrate many familiar security controls -- especially at the network layer."

The report looks at cloud security from 13 different angles, including disaster recovery, application security, governance issues, and more.