
Image via
Wikipedia
Even though some of us are unabashed Cloud evangelists, there is no denying
about the fact that there is a lot to be done on the security front. Well,
startups are using Cloud Computing to their advantage but enterprises are much
more sensitive to the security and privacy of their data. Many Cloud vendors are
developing products that are directed towards enterprise security but there is
more to be done.
The current issue of Information Security magazine has an article about the
upcoming release of Cloud Computing Security Framework by the Jericho Forum.
Jericho Forum is a group of people from various companies, mostly in the rank of
Chief Security Officer, who love the idea of Cloud Computing and are interested in
developing proper security procedures. These are the people who understand the
business advantages associated with de-perimeterization (the erosion of network
perimeter as we know it from the enterprise IT) and believes in responding to
the challenges of de-perimeterization must be central to all IT security
strategies.
According to their view, the traditional security practices will still play a
role in the Cloud based computing but they are not enough to take care of the
challenges due to de-perimeterization. They feel that security needs to be
implemented at a component level like encryption of any data present in the
Cloud (a point highlighted by Dan Kaminsky at Cloud Camp Seattle), secure communications and data level
authentication.
They are building upon their Collaboration-Oriented Architecture, released in
2007, to offer a framework that outlines the security requirements of Cloud
Computing. Their framework will help companies categorize their business
processes, identify the Cloud Computing model, put in security procedures based
on the level of control the companies want to exert and use it securely to
maximize the business advantage. This framework has a potential to bring out
more and more enterprises into Cloud Computing.