MSI Strategy & Tactics Talk Ep. 25: An Introduction to Cloud Computing – What to Choose and Why

Cloud computing has become a buzzword over the past few years. Some organizations wonder if it would benefit them or not. What are some of the questions an organization should be asking?  In this episode of MSI Strategy & Tactics, Adam Hostetler and Phil Grimes discuss the various aspects of “the cloud” and how it can affect an organization.  If you are considering transitioning your data to the cloud, you’ll want to listen! Discussion questions include:

  • How can you determine which cloud computing model is right for you?
  • What are some of the security issues with cloud deployment?
  • How can moving data to the cloud help an organization’s overall efficiency? 
Adam Hostetler, Network Engineer, Security Analyst
Phil Grimes, Security Analyst
Mary Rose Maguire, Marketing Communication Specialist and moderator

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

7 Security Areas of Concern With Cloud Computing

One of the government’s major initiatives is to promote the efficient use of information technology, including the federal use of cloud computing. So good, bad or indifferent, the government is now moving into the wild, world of cloud computing – despite the fact that it is a new way of doing business that still has many unaddressed problems with security and the general form that it is going to take.

At the Cloud Computing Summit in April 29 2009, it was announced that the government is going to use cloud for email, portals, remote hosting and other apps that will grow in complexity as they learn about security in the cloud. They are going to use a tiered approach to cloud computing.

All businesses, both large and small, are now investing resources in cloud computing. Here are seven problematic areas for which solutions need to be found:

  1. Vendor lock-in – Most service providers use proprietary software, so an app built for one cloud cannot be ported to another. Once people are locked into the infrastructure, what is to keep providers from upping the price?
  2. Lack of standards – National Institute of Standards and Technology (NIST) is getting involved and is still in development. This feeds the vendor lock-in problem since every provider uses a proprietary set of access protocols and programming interfaces for their cloud services. Think of the effect on security!
  3. Security and compliance – Limited security offerings for data at rest and in motion have not agreed on compliance methods for provider certification. (i.e., FISMA) or common criteria. Data must be protected while at rest, while in motion, while being processed and while awaiting or during disposal.
  4. Trust – Cloud providers offer limited visibility of their methods, which limits the opportunity to build trust. Complete transparency is needed, especially for government.
  5. Service Level Agreements – Enterprise class SLAs will be needed (99.99% availability). How is the data encrypted? What level of account access is present and how is access controlled?
  6. Personnel – Many of these companies span the globe – how can we trust sensitive data to those in other countries? There are legal concerns such as a limited ability to audit or prosecute.
  7. Integration – Much work is needed on integrating the cloud provider’s services with enterprise services and make them work together.

Opportunities abound for those who desire to guide cloud computing. Those concerned with keeping cloud computing an open system drafted an Open Cloud Manifesto, asking that a straightforward conversation needs to occur in order to avoid potential pitfalls. Keep alert as the standards develop and contribute, if possible.

#Security News: Cloud Computing, Gmail, and the Future of Infosec Pros

While trotting around the information security news items, we found a few you may enjoy:

David Taber from CIO, attended this year’s Dreamforce 2010, an annual conference hosted by the wildly successful CRM (and more) company, He posted an excellent article: Dreamforce 2010: 8 Cloud Lessons.

There also was a good article we found on utilizing more of Gmail’s features, including instructions for how to remotely log out of a public computer if you forgot. Check out Gmail Tips: 5 Can’t-Miss Features that Boost Google Email.

Finally, we found a story about the future of information security professionals: CIO’s Foresee Shortage of Skilled Information Security Professionals. If you didn’t think your job as an infosec pro was important enough, now it is even more so! You infosec folks are rapidly becoming Rock Stars! This may be a good time to start investing in your own professional growth with classes and certifications. Good luck!