I have come across this confusion among people in many of my discussions both online and offline and, today, I came across a post by Craig Balding
on the same topic. I thought I will do a brief public service post on
it here at Cloud Avenue. This is a trivial topic for experts who visit
Cloud Avenue regularly but I am targeting this post towards newbies who
are here after coming across terms like Cloud Computing, SaaS, etc..
Well,
I am talking about the confusion between “Cloud Security” and “Security
in the Clouds”. There is quite a bit of confusion in this regard and,
as Craig points out in his post, some vendors are not helping to keep
the definitions clean either. As a part of Cloud Avenue’s focus on
educating users about all aspects of Cloud Computing, let me offer
brief definitions of both the terms with examples.
- Cloud Security:
This terms refers to the security of the Cloud infrastructure or a
platform or even an application (SaaS). When people discuss about the
security aspects of Cloud Computing, they are referring to Cloud
Security. This term can be used to refer to anything from a firewall
running on a server instance at one of the Cloud providers to
datacenter security to how secure is a Cloud platform (say, Google App
Engine) to application security issues like buffer overflow prevention,
etc.. As a general user of Cloud Computing, you should be concerned
about Cloud Security. In fact, in the recent RSA conference, Cloud Security Alliance
(CSA) was formed to provide guidance to both the customers and vendors
about different aspects of Cloud Computing. They have recently released
a report offering guidance on Cloud Security front. This report can be downloaded here. Cloud Avenue’s previous coverage of CSA can be found here and here. - Security in the Clouds: This term refers to security services offered by different security vendors by tapping Cloud as a delivery medium. I recently wrote about Panda Security offering Antivirus as a Service using the Clouds. Last year Dan Morrill wrote about F-Secure’s plans to move their security suite to the Clouds and offer it as a service.
Unless
an user is subscribing to the Security Services offered through the
Clouds, they need not bother about the term “Security in the Clouds”.
Their only concern should be about Cloud Security and it is important
for the users to find out about it from the vendor.
Related Articles by Zemanta:
- The Real Meaning of Cloud Security Revealed (devcentral.f5.com)
- Panda Security Announces New US Marketing Head (readwriteweb.com)
- Security Guidance for Critical Areas of Cloud Computing (elasticvapor.com)