Considerations for Cloud Security Use Cases
4 views
Skip to first unread message
DCR
Nov 23, 2009, 6:40:06 AM11/23/09
to Cloud Computing Interoperability Forum (CCIF)
At the end of the day, consumers will use clouds to gain access to
network, computational and storage resources they could not easily or
cost effectively acquire on their own. Each will have different
expectations and requirements for security based upon how they intend
to use those resources and what value they assign to the data and
workloads they intend to trust to the cloud.
Every cloud deployment model (i.e. private, public, hybrid, community,
etc.) needs to have a security framework in place, broken down into
different aspects of security (often called controls) that can be
referenced internally (by the cloud provider) and externally (by the
cloud consumer). This framework of security controls is a common
concept and is seen as a repeated theme for various IT Security
Management compliance standards (ISO 27001, SAS 70, etc.). It is fair
for a cloud provider, regardless of their deployment model, to detail
very specific (manual or automated) security processes and control
implementations to achieve their business goals. It is equally fair
for them to decide not to support one security control or another as
long as its a conscious decision that their customers can be satisfied
with (i.e. that it is an understood and accepted risk which will not
adversely impact one's business).
The rest of the post can be found on the Cloud Computing Use Cases
Google Group at http://su.pr/7Vdthp .
Look forward to your comments.
network, computational and storage resources they could not easily or
cost effectively acquire on their own. Each will have different
expectations and requirements for security based upon how they intend
to use those resources and what value they assign to the data and
workloads they intend to trust to the cloud.
Every cloud deployment model (i.e. private, public, hybrid, community,
etc.) needs to have a security framework in place, broken down into
different aspects of security (often called controls) that can be
referenced internally (by the cloud provider) and externally (by the
cloud consumer). This framework of security controls is a common
concept and is seen as a repeated theme for various IT Security
Management compliance standards (ISO 27001, SAS 70, etc.). It is fair
for a cloud provider, regardless of their deployment model, to detail
very specific (manual or automated) security processes and control
implementations to achieve their business goals. It is equally fair
for them to decide not to support one security control or another as
long as its a conscious decision that their customers can be satisfied
with (i.e. that it is an understood and accepted risk which will not
adversely impact one's business).
The rest of the post can be found on the Cloud Computing Use Cases
Google Group at http://su.pr/7Vdthp .
Look forward to your comments.
Reply all
Reply to author
Forward
0 new messages