Showing posts with label InfoSec. Show all posts

Friday, 7 December 2012

Security – in, from and with the Cloud

My post Security – in, from and with the Cloud on ITBusinessCloud

----------

Security – in, from and with the Cloud

Security is one of the hottest topics when it comes to obstacles to adopting cloud services. Maybe we should theatrically “tear this wall down” and de-dramatize it, without tearing down the importance of good security – because it is important!

One type?

No, there are several different types of security services related to cloud. Examples:

  1. Security within a cloud service which has another purpose than delivering security, for instance an email service. Security in this type of service means protecting your data from other people or systems, keeping it from being harmed by malware, and making sure it is backed up and can be restored, etc.
  2. Security as a Service, delivered as a cloud service which you can adapt to your existing on-premise solution. Examples:
    • Encryption
    • SPAM and Malware protection
    • Firewalls
  3. Audit tools/services that audit the vulnerabilities within, to and around your cloud service (No. 1 & 2 above).
  4. Consulting audit services. Pretty much like No. 3, but performed by humans, and they normally give you a report on how to act on a problem given by No. 3.

This is, on a high level, what security in the cloud is about. No. 2, 3 and 4 normally work fine. People don’t fear security in services delivered from well-known security service providers. No. 2 might be a bit problematic to adapt to services delivered from other vendors, but APIs, integration services and true co-op between CSPs (Cloud Service Providers) will solve this better in the future. No. 1 is the wall that needs to be de-dramatized and torn down…

Fear = out of your control

The highest obstacle to pass is

Tuesday, 20 November 2012

A collection of comments

This is a collection of the comments I've posted today on a couple of sites. The most important one is No. 3. It's time we put on pressure and demand true professionalism. New business opportunity in No. 2 - go ahead, time for action.

Comment 1: Commented: Employees Engage in Rogue Cloud Use Regardless of Security Policies

I posted a comment to the post Employees Engage in Rogue Cloud Use Regardless of Security Policies by Thor Olavsrud on CIO.

Short breakout:
"Employees are increasingly turning to the cloud to get their work done, whether IT has a policy about cloud use or not, according to research studies by Symantec and cloud backup provider

Sunday, 14 October 2012

Cloud Compliance: Part 2 - Top 10 Tips

My latest post Cloud Compliance: Part 2 - Top 10 Tips is out on Newvem. This time I got great support from Ron Peled (@Ron1Pel), Security Specialist at LivePerson, the team at LivePerson (@LivePerson) and Ofir Nachmani (@IAmOnDemand) at Newvem (@Newvem). I salute their support.

Short break out from the post:
Here are Ron’s top ten tips for CSPs, whether you’re already a cloud player or plan to become one: 
  1. SaaS = TRUST. If you can’t provide a trustworthy environment, don’t provide it at all.
  2. Invest in security and compliance. Don’t skimp—it is fundamental to your business and its future.
  3. Customers will always have concerns and ask questions.

Saturday, 21 July 2012

Cloud Compliance: Part 1 - The Basics

My first part about Cloud Compliance is now available on KnowYourCloud.

Short break out:
"Just for fun; a tricky question: What happens if an SaaS provider from Country A puts its service on a PaaS provided from Country B? And, scary, the PaaS from Country B resides on an IaaS from Country C in Continent D? Is your organization cloud compliant in this scenario? Will any of the XaaS providers guarantee you’re cloud compliant? Let’s hope these scenarios won’t be frequent in the market in the future"
Please share if you like it.

Wednesday, 18 July 2012

One of a "million" comments...

...to the post What is Information Security Really? by James Rees on Compare the cloud.net. A really great discussion about what InfoSec really is. I advise you to read some of the great comments and maybe tweet some, as a lot of other people already have.

Short breakout from the post:
"Looking at the examples above carefully you begin to see a pattern, nobody really knows what information security is, nobody really wants to do it as they think it costs too much and if they do have to do it, they will do the minimum required in order to tick whatever box they need to. This leads me to ask a question.