The Increasing Maturity of Cloud Computing Security

We wrote a few weeks ago about a few good guides for thinking about security in the cloud. In that post we mentioned the Cloud Security Alliance. Now they have just released version 2.1 of their guide to security in the cloud.

The Guide is rather lengthy and still has areas in need of improvement, but it is a valuable document that makes great strides over the previous version and signals that as a field we are close to establishing a mature and systematic approach to cloud computing security.

The Guide includes an excellent overview of “the cloud”, clearly describing how to break it down into different service models and different deployment models. At this point it seems we are close to achieving one of the critical steps for cloud security maturity: a consistent and meaningful terminology and taxonomy of activities.

The Guide’s core is 13 domains (areas of focus) that must be attended to regarding cloud security. The list of domains itself is a useful high-level checklist, and the Guide includes for each domain both useful background information and points of security that need to be addressed.

If a criticism is to be made, it seems that each domain is written by a different set of contributors, and unfortunately it shows. The domains vary in style, content, and approach. For example, when treating security guidance, in some cases specific guidance is given, while in other cases the domains are much more generally written. Also, the terminology and organization of domains could be improved. Hopefully the next version will build on the excellent start they have already made, and streamline and organize the document into a concise set of high-level guidance supplemented with detailed specific guidance in an appendix or companion document.

Quite a few IREC members helped contribute to the Guide, and we congratulate them on the way it is progressing.

Explore posts in the same categories: Cloud Computing

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: