Study Different Cloud Models and Categories

By Matthew Gardiner  |  Posted 2010-02-01

Step No. 3: Study different cloud models and categories

Enterprises need to study the different cloud models (public, private, hybrid) as well as the different cloud categories (SaaS, PaaS, IaaS), as they have general differences that directly relate to security control and responsibility.

All enterprises need to have an opinion and policy for these cloud approaches in the context of their own organizations and the risk profile of their own businesses (discussed previously in step two).

A good source on this issue and other security implications of the cloud is the recent ENISA publication, "Cloud Computing: Benefits, risks and recommendations for information security." Legal organizations should also play an important role here, as issues such as warranty and liability will play an important part in this analysis.

Step No. 4: Apply your service-oriented architecture (SOA) design and security principles to the cloud

Most organizations have been using SOA principles in their application development organizations for a number of years. Isn't the cloud a massive expansion of SOA? The cloud is just service orientation taken to its next logical step. The SOA security principles of highly distributed security enforcement, combined with centralized security policy administration and decision making, apply directly to the cloud. There is no need to reinvent this wheel when moving your focus from SOA to cloud. Just transfer the principles.

Matthew Gardiner is a Director in the Security and Compliance business unit at CA, Inc. Matthew is a recognized industry leader in the security and identity and access management markets. Matthew also serves as vice president and board member for the Kantara Initiative, an industry group focused on digital identities and how they can interoperate with today's technology deployments. Matthew is a frequent speaker at conferences and industry events worldwide, such as those hosted by Internet Security Solutions Europe (ISSE), Information Systems Audit and Control Association (ISACA), analyst firms and Liberty Alliance. He has a BSEE from the University of Pennsylvania and an SM in Management from MIT's Sloan School of Management. He can be reached at
