The rainy weather in the Northeast has me thinking about clouds -- or more specifically, cloud security.
At RSA 2010, IEEE and Cloud Security Alliance released a survey that looks at the importance and need for cloud security standards. The survey found:
However, because the cloud means different things to different organizations, coming up with a security standard can be difficult. Neil Roiter, writing for Network Computing, pointed out:
"What's thought of as 'the cloud' can mean different things to organizations, depending on what aspects of its IT infrastructure is moving to a cloud environment--platform as a service (PaaS), infrastructure as a service (IaaS) and software as a service (SaaS)--and then relinquishing control progressively at each of these layers. The deployment model further complicates a standard approach to security, as organizations move IT to the public cloud, an enterprise or private cloud or an industry cloud created for a group of enterprises with common purpose."
Roiter recommended enterprises consider following Jericho Forum's new Self-Assessment Scheme to provide guidance in developing a security platform for the cloud. The SAS provides anyone involved in cloud development-from system architects to vendors-ideas to better create a security system that is right for individual situations, rather than a one-size-fits-all solution.