By Larry Hughes, Research Analyst, Cloud Security Alliance
Cloud computing has the potential to enhance collaboration, agility, scale and availability, and provides opportunities for cost reduction through optimized and efficient computing. The cloud trend presents a momentous opportunity to revisit not only how we think about computing, but also how we think about information security.
The Cloud Security Alliance (CSA) recently teamed up with Palo Alto Networks to produce a new whitepaper titled, "Security Considerations for Private vs. Public Clouds." For purposes of definition, a public cloud deployment occurs when a cloud’s entire infrastructure is owned, operated and physically housed by an independent Cloud Service Provider. A private cloud deployment consists of a cloud’s entire infrastructure (e.g., servers, storage, network) owned, operated and physically housed by the tenant business itself, generally managed by its own IT infrastructure organization.
While the title of the paper implies a primary focus on security, we took the opportunity to expand the conversation and incorporate a wider set of considerations including:
- Business and legal topics, including contracts, service level agreements, roles and responsibilities, and compliance and auditing. We touch on the importance of establishing principal business and legal feasibility early on in the process, before investing too much in technical requirements.
- Physical and virtual attack surface considerations including a look at vulnerabilities that are accessible to would-be attackers.
- Operational issues, including data migration, change management, logging, monitoring and measuring and incident management and recovery and the roles they play in determining which cloud deployment makes the most sense for an organization.
Cloud security is one of the most critical considerations, regardless of whether the deployment is public vs. private. But security is not black and white and no two companies looking to deploy a cloud infrastructure do so for exactly the same reasons. Wise organizations will take the long view and invest in security accordingly. As Thomas Edison once said, “Opportunity is missed by most people because it is dressed in overalls and looks like work.”
On Tuesday, June 23, Matt Keil, Palo Alto Networks Director of Product Marketing for Data Center, and I will be hosting a webinar to discuss the white paper in-depth and look at security considerations for public and private clouds. For more information and to register for the webinar, click here.
For more information on CSA, please visit https://cloudsecurityalliance.org.