From a security point of view, every time we come to grips with new technology it seems we have to reinvent our understanding of what makes something secure or not. In reality, however, we already know most of the things we are going to have to do, we just need to learn the nuances and language of the new hardware or software and apply them.
Remember: When Java was going to make everything safe because of the sandbox? Websites that were apparently protected from hackers because they were certified by some organization or standard? Desktops that must be secure because they had the latest virus and malware detection? OSX didn’t have any exploits?
The fact is, as we all know, security is not a state but a process: an ongoing process of continually making things a little bit better than they were before. Authentication. Authorization. Auditing. Policies and procedures. Periodic reviews and assessments. All of the key ingredients are already well understood. Now we need to apply them all over again to this new environment.
Moving to the Cloud – and remember there are a number of different Cloud initiatives and deployments – brings with it the same security concerns as before. Whether you are moving to Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS) you are going to need to think about your security stance and how to either protect or detect when your systems or services are being inappropriately accessed. How does your Cloud provider account for regulatory compliance? Exactly where (physical location) is your data residing? How do you know that your data is appropriately segregated from other company’s data?
Here are a few short articles written by SystemExperts that can help jump-start your understanding of various security issues within the Cloud. In addition, go to your favorite search engine and simply put in “Cloud Security” and take a look at the wealth of articles that exist extolling on the various issues you need to come to grips with. A little bit of research and analysis will quickly reveal a number of concerns you need to plan for.
Don’t be afraid, you have done this many times before and it won’t be the last.
Brad Johnson is Vice President of SystemExperts Corporation and has been a leader of the company since 1995. He has participated in seminal industry initiatives including the Open Software Foundation (OSF), X/Open, the IETF, and has published many articles on open systems, Internet security, security architecture, ethical hacking and web application security.