The Need for Security in the Cloud Isn't One-Size-Fits-All

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

The rainy weather in the Northeast has me thinking about clouds -- or more specifically, cloud security.


At RSA 2010, IEEE and Cloud Security Alliance released a survey that looks at the importance and need for cloud security standards. The survey found:


  • Ninety-three percent of respondents said the need for cloud computing security standards is important; 82 percent said the need is urgent.
  • Data privacy, security and encryption comprise the most urgent area of need for standards development.
  • The use of public, private and hybrid clouds will rise over the next 12 months. The survey found that, while public clouds are most popular, private and hybrid implementations are quickly gaining in adoption.
  • The rate of using and providing software, platform and infrastructure as a service (SaaS, PaaS and IaaS) will increase consistently in the next 12 months. The survey showed that PaaS and IaaS are set for the sharpest growth.

However, because the cloud means different things to different organizations, coming up with a security standard can be difficult. Neil Roiter, writing for Network Computing, pointed out:


"What's thought of as 'the cloud' can mean different things to organizations, depending on what aspects of its IT infrastructure is moving to a cloud environment--platform as a service (PaaS), infrastructure as a service (IaaS) and software as a service (SaaS)--and then relinquishing control progressively at each of these layers. The deployment model further complicates a standard approach to security, as organizations move IT to the public cloud, an enterprise or private cloud or an industry cloud created for a group of enterprises with common purpose."


Roiter recommended enterprises consider following Jericho Forum's new Self-Assessment Scheme to provide guidance in developing a security platform for the cloud. The SAS provides anyone involved in cloud development-from system architects to vendors-ideas to better create a security system that is right for individual situations, rather than a one-size-fits-all solution.