Cloud Computing Security Handbook
February 21, 2013
Grazed from Windows IT Pro. Author: Tony Redmond.
John Rhoton, someone who has held senior positions for cloud computing at HP and Symantec, has released the “Cloud Computing Protected: Security Assessment Handbook”. Jan De Clercq (who writes frequently about security for WindowsITPro.com) and David Graves, an HP Distinguished Engineer who specializes in cloud services, also contribute to the book. John’s previous books in the series are Cloud Computing Explained and Cloud Computing Architected, both of which are good reads for anyone who needs to understand the basic concepts that underpin this mode of computing. Given the rush to embrace the cloud as the preferred platform for a range of applications, it’s a good time to release a book to remind those considering the transition to the cloud that some work is necessary to ensure that data and access remains secure.
One aspect of migrating to a multi-tenant cloud platform is that you cede operational control over your data. Consumers have been doing this for a very long time. It’s always interested me that people are quite happy to upload some of their most precious memories to online photo sites like Snapfish.com without any knowledge of who now has access to their photos, where the photos are actually stored, and what the long-term future of the site might be. In effect, consumers transfer control over their data without batting an eyelid…
Companies can impose many requirements on cloud vendors before they transfer any data and demand that the cloud vendor demonstrates how access to tenant data is controlled and audited, but once data passes over the Internet to reside in a cloud data center you really don’t know how it’s managed. You have to trust the vendor to protect your data and to take whatever steps are necessary to ensure that no unauthorized access is ever gained to that data. Given the sheer size and scale of the multi-tenant platforms that support cloud services like Google Apps and Office 365, you have no option but to trust that administrators don’t go where they should not…
Read more from the source @ http://www.windowsitpro.com/blog/tony-redmonds-exchange-unwashed-50/cloud-computing2/cloud-computing-security-handbook-145179