Is Cloud Computing Secure? Prove It (Page 1 of 2)
Organizations need to take care to ensure that applications in the cloud are secure and compliant--and can be proven as such. Experts say the public cloud might not be suitable for some applications right now, but that providers will face increasing pressure to develop systems that can be used securely in a cloud computing environment.

The buzz around cloud computing is intense, but that buzz rarely addresses the question of whether cloud computing is safe--or whether you can prove that it's safe.
"Is cloud computing ready for prime time?" asked Amy DeCarlo, principal analyst for managed IT services at Current Analysis. "I would say no. There's not a lot of transparency; there's not a lot of confidence."
And, even if your data really is secure in the cloud, you may not be able to prove it, said DeCarlo.
"[Public cloud providers] don't have the pieces to meet the regulatory requirements; they don't have the means to meet the compliance issues related to security," she said. "That's not to say there won't be a time, or that cloud service providers can't provide something useful to the enterprise."
The issue, according to DeCarlo, is that cloud providers don't meet current compliance rules. What's more, some of those providers, such as Amazon.com, have said that they don't intend to meet those rules and that they won't allow compliance auditors on-site. This pretty much eliminates any chance of using public cloud providers for anything that must meet any of the government regulations involving protected data either in the United States or the European Union.
And it gets more complex.
"Any client using the public cloud that collects personally identifiable information is subject to the regulations of each state where they are," explained IBM Director of Corporate Security Strategy Kris Lovejoy. This means that every place in which the data may reside, or through which the data must pass, can regulate how the data is protected. "How can you ask a company to respond to the requirements of every state, not to mention cross-border situations?" asked Lovejoy.
The use of the public cloud also implies the use of virtualization to move data and compute requirements to the place that's cheapest and/or most suitable. You have no good way of knowing where your data is, how it's protected, or what other data and processing are going on in the same infrastructure. In fact, your provider probably doesn't know, and neither does your auditor.
So, what can you do?
Right now, the public cloud is probably out of the question for any data that's subject to government or industry compliance rules. But that doesn't mean you can't use the public cloud. "There are a lot of use cases for testing, development, beta testing and overflow for applications that don't require compliance," said Lori MacVittie, technical marketing manager for F5 Networks. "Workflows, data entry that's not covered by compliance--things covered by best practices. There are plenty of applications that can go in the cloud."
Applications that work well in the cloud typically have security designed into them from the beginning.
"Web apps have moved very well to the cloud," said Scott Morrison, chief architect and vice president of engineering at Layer 7 Technologies. "The important thing is that you have to take lessons from good service-oriented architecture and good Web architecture. You have to put security into the architecture. You have to make applications secure; then they can move to the cloud."
Morrison adds that it's up to each enterprise to figure out what can be moved to the cloud. "Every application is different, and every application has something that will determine whether they can run in the cloud," he explained. "You need to do an inventory. The cloud is shared, and you don't have the physical demarcation between applications. A lot of security comes down to rigorous ideas that systems have physical boundaries. You can't do that if you don't own the whole show."