
Cloud Security: What You Need To Know To Lock It Down

Posted by samzenpus
from the better-safe-than-sorry dept.
Nerval's Lobster writes "IT security writer Steve Ragan writes: 'The word "cloud" is sometimes overused in IT—and lately, it's been tossed around more than a football during a tailgating party. Be that as it may, organizations still want to implement cloud-based initiatives. But securing assets once they're in the cloud is often easier said than done.' He then walks through some of the core concepts of cloud security, along with the companies operating in the space."

  • by Animats (122034) on Monday July 09, 2012 @03:13PM (#40595071) Homepage

    From the article:

    "When you sign a Business Associate agreement, there's a level of liability that the business associate accepts. They openly acknowledge they have to operate within the HIPAA security rule like any covered entity. Understandably, none of the current cloud providers are willing to do that."

    That says it all. The major cloud providers won't accept responsibility for security in their own systems.

  • Re:Can't be done. (Score:2, Insightful)

    by Anonymous Coward on Monday July 09, 2012 @03:23PM (#40595193)

    There's always someone who can compromise your secret data. In a typical non-cloud in-house datacenter who is it? The 7 guys in the IT department, the 4 other guys in the network department, 5 or 6 key developers who have privileges to debug realtime production problems, a few high-level VPs and Execs. Oh and let's not forget all of the hardware vendors you're trusting not to plant hardware backdoors in the servers and network gear they ship you (it has happened before!). You're already putting a lot of faith (and/or contractual threats) into those people. Now you get to add Amazon to the list of people you have to trust. For *most* companies of a reasonable size, you're actually gaining security by handing off some of the risk to a larger and probably more-responsible organization like Amazon.

  • Step #1 (Score:4, Insightful)

    by Nadaka (224565) on Monday July 09, 2012 @03:25PM (#40595217)

    Don't use the cloud.

    Step #2
    We don't need no stinking step #2.

  • by rgbrenner (317308) on Monday July 09, 2012 @03:44PM (#40595443)

    Did you actually read that whitepaper? Amazon says you should encrypt the data BEFORE uploading it to S3. Doesn't that tell you everything you need to know about S3's security? And to top it all off, at the end:


    This white paper is not intended to constitute legal advice. You are advised to seek the advice
    of counsel regarding compliance with HIPAA and other laws that may be applicable to you
    and your business. Amazon Web Services LLC. and its affiliated entities make no
    representations or warranties that your use of Amazon Web Services will assure compliance
    with applicable laws, including but not limited to HIPAA.
