Tuesday, January 05, 2010

getting started with cloud security

Think of this post as a trailhead for learning more about the various issues, opinions, and resources relevant for cloud security. I don't claim this is complete, or the best way to start, but it might be helpful if you're interested in cloud security and you are just beginning.

First, a couple of useful resources on cloud computing in general:

The Economist has a briefing on cloud computing, focusing on how companies like Microsoft, Google, and others (not to forget Rackspace) will compete in this new space:
http://www.economist.com/displaystory.cfm?story_id=14637206

NIST is looking closely at cloud frameworks, taxonomy, and security:
http://csrc.nist.gov/groups/SNS/cloud-computing/

There are many very good technical resources that address cloud security. I can suggest the following:

Technology Review, published by MIT, has a 5 page article on cloud security:
http://www.technologyreview.com/web/24166/

The Cloud Security Alliance is the go-to resource for cloud security, in my opinion, and in particular you should read the latest rev of their Cloud Security Guidance.

enisa published a Cloud Computing Risk Assessment:
http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment

Several more focused and technical resources are also helpful, and include Craig Balding's European RSA 2009 presentation:
http://www.slideshare.net/craigbalding/what-everyone-ought-to-know-about-cloud-security

Here is a very illuminating presentation given at BlackHat USA 2009:
http://www.slideshare.net/astamos/cloud-computing-security

The site for the ACM's 2009 Cloud Computing Security Workshop has a number of presentations and papers you can download if you are interested in more technical topics:
http://crypto.cs.stonybrook.edu/ccsw09/

There are very many blogs that address or mention cloud security. Rather than try (and fail) to provide a comprehensive list, I'll suggest you look at Chris Hoff's blog Rational Survivability. For the record - Chris led a discussion of security at Cloud Camp Boston and that discussion introduced me to some of these resources (thanks Chris, my head hurts now...). Chris also is a leader in the A6 working group.

Maybe in another post I should try to list the various experts that, on Twitter, are helping to drive this forward. Maybe.

UPDATE:  Check out http://cloudpaas.org/ for an interesting matrix laying out features and capabilities of various clouds.

No comments: