The term "cloud computing" has meanings so wide-ranging that it is difficult to pin down. It can mean Infrastructure as a Service (IaaS), like Amazon's cloud (public cloud) or a rack of VMware servers in a company's data center (private cloud). It can mean Software as a Service (SaaS), like Google Mail and Google Docs services. Then there are Platform as a Service (PaaS) offerings, such as easy-to-build websites such as GoDaddy or Network Solutions offerings.
Many of these offerings involve storing data or moving data outside of the protected domain of a company's internal network. Even for data kept in an internal private cloud, security and compliance issues can be complicated by storage and transfer of data between systems that used to be physically separated and more "visible" to analysis by firewalls, intrusion detection (IDS/IPS) systems, and data loss prevention (DLP) systems.
I have worked with a number of companies deploying security solutions into private clouds, and am planning to teach my students about management and security issues in cloud computing this semester. I am also researching putting security systems, such as DLP systems, into public clouds to provide Software as a Service offerings for easier accessibility and scalability. As with the range of definitions for cloud computing offerings, the range of security issues involved in cloud computing can be overwhelming.
As I attend the RSA Conference 2011 next week, I plan to dig deeper into security, compliance, and legal issues in cloud computing. It will be great to compare notes with others who are concentrating full-time on these cloud computing issues, and I plan to bring back lots of technical and operational guidance for both my students and the people I work with.
No comments:
Post a Comment