Unfortunately, it's broad enough to "overlap" pretty much any Cloud Security initiative out there, don't you think?
TJL
-----Original Message-----
From: "Sam Johnston" [sa...@samj.net]
Date: 01/12/2010 10:35 AM
To: cloud...@googlegroups.com
Subject: Re: Draft of Table of Contents for Cloud Computing Use Cases White
Paper V3
There appears to be some amount of overlap here with the Cloud Security Alliance (CSA) work - I trust youre aware of that?
Sam
On Mon, Jan 11, 2010 at 12:17 PM, DCR <drus...@ca.ibm.com> wrote:
This is a copy of the post that was just made today to the Cloud
Computing Use Cases White Paper (http://groups.google.com/group/cloud-
computing-use-cases).
We look forward to your comments to the original post at http://su.pr/2Be9pA
or directly to this post.
__________________________
Friends, heres a proposed ToC for Version 3. As always, this is an
attempt to organize our discussions of the last couple of months.
Introduction & Motivation
A general discussion of the importance of security
Security Controls
A short discussion of the requirements weve discussed here:
- Asset Management
- Service/User Identity, Access Control and Roles/Attributes
- Security Policy
- Cryptography, Key and Certificate Management
- Network Security
- Data/Storage Security
- Endpoint Security
- Security Event/Auditing/Reporting
- Workload/Service Management
- Security Service Automation
Security Patterns & Federation
Cloud Security Roles
I think patterns and roles are a great way to organize the
discussion as it relates to the security controls mentioned above.
Security Use Cases
- The use cases weve discussed. Some use cases were discussed in
broad terms (supply chain and healthcare), it would be great if we
could flesh those out here.
Cross-references
- These were useful ways of summarizing the information in earlier
versions. Security Controls vs. Service Models (*aaS), Security
Controls vs. Deployment Models and Security Controls vs. Security
Patterns could be useful tables.
Let me know what you think.
As for a schedule, I plan to have a first draft posted by next Friday
(the 15th), a second draft the following Friday (the 22nd), with a
final Version 3 ready by the end of the month.
Cheers,
Doug
--
You received this message because you are subscribed to the Google
Groups "Cloud Computing Interoperability Forum (CCIF)" group.
To post to this group, send email to cloud...@googlegroups.com
To unsubscribe from this group, send email to
cloudforum+...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cloudforum?hl=en
-----
Join our Twitter Group at www.twitter.com/cloudforum
Or Our Linkedin Group at http://www.linkedin.com/e/gis/927567
I apologize if my comment seemed too negative -- I didn't mean it to be a case of "hit and run". The concern that I have is that (in an "elephant in the room" way) everyone seems to be overlooking the fact that "Security in the Cloud" is a superset of "Security on the ground", and behaving as if it's somehow possible to "solve" the Cloud Security problem when it has yet to be "solved" outside of the Cloud.
TJL
-----Original Message-----
From: "Paulo Calcada" [pcal...@gmail.com]
Date: 01/12/2010 11:24 AM
To: cloud...@googlegroups.com
Subject: Re: Draft of Table of Contents for Cloud Computing Use Cases White
Paper V3
Yes,
But as any other work developed using as its bases the Cloud Computing paradigm, the security analisis tends to be as broader as the players (speciallist, evangelists, etc...) can do it.
I dont think this is a problem, on the contrary, I think that at this point this is very interesting. As a deployment or business model, Cloud Computing could only move forward if all the players are able to understand in what way the work developed until know could help and how it should be integrated and articulated with the work developed by the "neighbour" technology, paradigm, product, etc. And in order to be able to accomplish this, a broader study is need...
Paulo
2010/1/12 tluk...@exnihilum.com <tluk...@exnihilum.com>
>> "There appears to be some amount of overlap here with the Cloud Security Alliance (CSA) work"
Unfortunately, its broad enough to "overlap" pretty much any Cloud Security initiative out there, dont you think?
gary
The "S" word is literally unbounded at any level -- from a 'macro' to a 'micro' scope.
Even when discussing something as "simple" as a single message between point 'A' and point 'B', and the requirements state that it must be "secure", does this mean 'confidentiality' (needs to be encrypted).. 'integrity' (needs a checksum).. 'privacy' (needs access control).. all of these?
So when trying to address Security for something as (arguably) ill-defined as "Cloud Computing" we can end up lost in a swamp very quickly.
TJL
So when trying to address Security for something as (arguably) ill-defined as "Cloud Computing" we can end up lost in a swamp very quickly.