One of the biggest dilemma facing the customers thinking about Cloud adoption is their lack of trust on the Cloud security. On the consumer app/services front, I would say it is not a big issue because the Cloud vendors have a better security implementation that what consumer users can have in their own machines/servers. However, it gets tricky on the enterprise front. Enterprises are not all that comfortable with putting their critical data outside their firewall. My personal opinion is that Cloud security is as good or as bad as enterprise security. The biggest issue here is whether you trust your own security team or a third party providers’ security team. It is more of a trust issue in play with the enterprises.

However, there are some issues that creep in when you think at the Cloud scale. When you bring in thousands and thousands of servers together and layer it with a “fabric” to build a Cloud like architecture, there are bound to be new security challenges that were hitherto unknown in the traditional model of computing. Also, there are issues like “malicious intent” crawling in from other virtual machines running in the same hardware. These issues are important but it should not be a reason to discard the advantages offered by Cloud Computing. There are some real dangers, like the ones described above, and there are some fear mongering, like the propaganda that says implementing security at the cloud level is difficult. It is important for the users to understand the dangers, minimize the risks and benefit from the tremendous advantages of doing computing in the clouds.

This is exactly the kind of problem Cloud Security Alliance wants to solve. They want to develop best security practices for vendors so that the potential risks are reduced and, also, educate the users about security in all forms of computing. As Christofer Hoff puts it, CSA is a member driven forum to discuss the issues and opportunities for security in the Cloud Computing space.

Unlike many other vendor only efforts, CSA welcomes members from both the vendors and the consumers. If you are interested in using the Clouds and want to play a role in developing a good security model, head over to their site to find information about how you can participate. CSA will be launched during the RSA conference in the end of April and will concentrate on issues in the following areas.

• Information lifecycle management
• Governance and Enterprise Risk Management
• Compliance & Audit
• General Legal
• eDiscovery
• Encryption and Key Mgt
• Identity and Access Mgt
• Storage
• Virtualization
• Application Security
• Portability & Interoperability
• Data Center Operations Management
• Incident Response, Notification, Remediation
• "Traditional" Security impact (business continuity, disaster recovery, physical security)
• Architectural Framework

To keep a tab on their activities, you can follow them on Twitter or join their Linked In Group. Security is not only a major concern when it comes to Cloud Computing, it has a potential to turn into an advantage with further developments in the field. I am glad that efforts are underway to identify proper security practices and also to educate the users. In fact, educating the users is as important as the Cloud Security itself. CSA is a good first step and a much needed effort for the future success of Cloud Computing.

Disclaimer: I am not a hard core security guru. I am just aware of the system and network security issues from my previous avatar as System Admin. If you are really interested in understanding further about Cloud Security, I strongly recommend the blogs of Christofer Hoff and Dan Kaminsky.