Cloud // Infrastructure as a Service
07:03 PM
Connect Directly
Repost This

Cloud Security Challenges Include Audit Trails, Preventing Attacks

How to build an effective Security Operations Center to cope with new threats in the era of virtualization and cloud computing will be a major topic at the upcoming Connections Conference in Las Vegas in April.

Top 10 Cloud Stories Of 2010
(click image for larger view)
Slideshow: Top 10 Cloud Stories Of 2010
The early suppliers of cloud computing have often built service organizations conceived around single-tenant technology, but they've ended up supplying services based on multi-tenant technology, says an early proponent of security in the cloud.

That means they're ill-prepared to supply an audit trail to individual customers, who are probably running their workloads on a server with many fellow cloud users. Jim Reavis, co-founder of the Cloud Security Alliance, will speak to this and other concerns when he addresses the Connections Conference in Las Vegas April 17-21. Reavis is a keynoter for the Las Vegas event's cloud track. His talk will be on "Building the Trusted Cloud."

One problem in the multi-tenant cloud, where different businesses use the same server, is supplying a user with his own track of events in the server log. Techniques for isolating one customer's information from another's are still rudimentary. The concern is not only that a given user will not get his activity in the log, but that he might get someone else's as well by mistake. The job of isolating one user from another in one server log still needs more work, Reavis said in a recent interview.

"How do I as a cloud supplier provide a view of that logged information, scrubbed from the other customer's information?" he asked. The answer is not yet clear, leaving cloud users in an awkward position if they need to provide an audit trail from information in the hands of their cloud supplier. The problem will get sorted out, he predicted.

He thinks the dangers of security exposures in the cloud, while they exist, are overstated. As we gain maturity in cloud computing, "the cloud has so much power to make security better" for its customers, as opposed to undermining it, he said.

Reavis is the alliance's executive director as well as head of the Reavis Consulting Group in Ferndale, Wash. The alliance is made up of a mix of industry vendors and has been instrumental in establishing a common framework of terms and definitions in cloud security. It also issues periodic best practices documents. Its Governance, Risk Management and Compliance Stack, for example, is an IT manager's toolkit for assessing a cloud operation, whether public or private, against security best practices and compliance requirements.

Among the 77 corporate members of the alliance are: Lockheed Martin, IBM, Google, Microsoft, Rackspace, Dell, Intel, Cisco, Verizon Business, Oracle, CA Technologies, Rackspace, VMware, Terremark, and CSC.

Another keynoter for the cloud track at the show is Nils Puhlmann, chief security officer at Zynga, the San Francisco online game company and creator of Mafia Wars and Farmville. Puhlmann is also co-founder of the Cloud Security Alliance and serves as its chief information security officer. His talk will be on "Securing Innovation" and he will draw on his experience marshaling security practices at the world's largest online gaming company.

In an interview, Puhlmann pointed to a recent security brief issued by RSA, the security software maker now known as the RSA Security Division of EMC, as pointing to methods for establishing much stronger security practices in the enterprise data center and the cloud in the future.

1 of 2
Comment  | 
Print  | 
More Insights
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.