Tuesday, January 05, 2010

getting started with cloud security

Think of this post as a trailhead for learning more about the various issues, opinions, and resources relevant for cloud security. I don't claim this is complete, or the best way to start, but it might be helpful if you're interested in cloud security and you are just beginning.

First, a couple of useful resources on cloud computing in general:

The Economist has a briefing on cloud computing, focusing on how companies like Microsoft, Google, and others (not to forget Rackspace) will compete in this new space:

NIST is looking closely at cloud frameworks, taxonomy, and security:

There are many very good technical resources that address cloud security. I can suggest the following:

Technology Review, published by MIT, has a 5 page article on cloud security:

The Cloud Security Alliance is the go-to resource for cloud security, in my opinion, and in particular you should read the latest rev of their Cloud Security Guidance.

enisa published a Cloud Computing Risk Assessment:

Several more focused and technical resources are also helpful, and include Craig Balding's European RSA 2009 presentation:

Here is a very illuminating presentation given at BlackHat USA 2009:

The site for the ACM's 2009 Cloud Computing Security Workshop has a number of presentations and papers you can download if you are interested in more technical topics:

There are very many blogs that address or mention cloud security. Rather than try (and fail) to provide a comprehensive list, I'll suggest you look at Chris Hoff's blog Rational Survivability. For the record - Chris led a discussion of security at Cloud Camp Boston and that discussion introduced me to some of these resources (thanks Chris, my head hurts now...). Chris also is a leader in the A6 working group.

Maybe in another post I should try to list the various experts that, on Twitter, are helping to drive this forward. Maybe.

UPDATE:  Check out http://cloudpaas.org/ for an interesting matrix laying out features and capabilities of various clouds.

No comments: