Cloud Security Challenges Include Audit Trails, Preventing Attacks - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud // Infrastructure as a Service
07:03 PM
Connect Directly

Cloud Security Challenges Include Audit Trails, Preventing Attacks

How to build an effective Security Operations Center to cope with new threats in the era of virtualization and cloud computing will be a major topic at the upcoming Connections Conference in Las Vegas in April.

Top 10 Cloud Stories Of 2010
(click image for larger view)
Slideshow: Top 10 Cloud Stories Of 2010
The early suppliers of cloud computing have often built service organizations conceived around single-tenant technology, but they've ended up supplying services based on multi-tenant technology, says an early proponent of security in the cloud.

That means they're ill-prepared to supply an audit trail to individual customers, who are probably running their workloads on a server with many fellow cloud users. Jim Reavis, co-founder of the Cloud Security Alliance, will speak to this and other concerns when he addresses the Connections Conference in Las Vegas April 17-21. Reavis is a keynoter for the Las Vegas event's cloud track. His talk will be on "Building the Trusted Cloud."

One problem in the multi-tenant cloud, where different businesses use the same server, is supplying a user with his own track of events in the server log. Techniques for isolating one customer's information from another's are still rudimentary. The concern is not only that a given user will not get his activity in the log, but that he might get someone else's as well by mistake. The job of isolating one user from another in one server log still needs more work, Reavis said in a recent interview.

"How do I as a cloud supplier provide a view of that logged information, scrubbed from the other customer's information?" he asked. The answer is not yet clear, leaving cloud users in an awkward position if they need to provide an audit trail from information in the hands of their cloud supplier. The problem will get sorted out, he predicted.

He thinks the dangers of security exposures in the cloud, while they exist, are overstated. As we gain maturity in cloud computing, "the cloud has so much power to make security better" for its customers, as opposed to undermining it, he said.

Reavis is the alliance's executive director as well as head of the Reavis Consulting Group in Ferndale, Wash. The alliance is made up of a mix of industry vendors and has been instrumental in establishing a common framework of terms and definitions in cloud security. It also issues periodic best practices documents. Its Governance, Risk Management and Compliance Stack, for example, is an IT manager's toolkit for assessing a cloud operation, whether public or private, against security best practices and compliance requirements.

Among the 77 corporate members of the alliance are: Lockheed Martin, IBM, Google, Microsoft, Rackspace, Dell, Intel, Cisco, Verizon Business, Oracle, CA Technologies, Rackspace, VMware, Terremark, and CSC.

Another keynoter for the cloud track at the show is Nils Puhlmann, chief security officer at Zynga, the San Francisco online game company and creator of Mafia Wars and Farmville. Puhlmann is also co-founder of the Cloud Security Alliance and serves as its chief information security officer. His talk will be on "Securing Innovation" and he will draw on his experience marshaling security practices at the world's largest online gaming company.

In an interview, Puhlmann pointed to a recent security brief issued by RSA, the security software maker now known as the RSA Security Division of EMC, as pointing to methods for establishing much stronger security practices in the enterprise data center and the cloud in the future.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Preparing for the Upcoming Quantum Computing Revolution
John Edwards, Technology Journalist & Author,  6/3/2021
How SolarWinds Changed Cybersecurity Leadership's Priorities
Jessica Davis, Senior Editor, Enterprise Apps,  5/26/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll