Cloud Security

Two Big Lies

posted May 29, 2011, 5:11 AM by Ramece Cave   [ updated May 29, 2011, 5:51 AM ]

While trolling Security News Portal I found an article on the two biggest lies in cloud security. To briefly summarize the lies are: 

1 - Private cloud, more secure.
2 - Public cloud, security is the responsibility of the provider.

Interestingly, I remember the first statement above being said in a meeting last week, and if you recall in my previous post I suggest security should be provided by Google. The article puts the security burden on both of us, which is correct, provided the Cloud Service Provider (CSP) enables the users to have the granularity needed to secure their data. I suspect CSPs are running into the same or similar problems as web hosting providers when public shared hosting first arrived.  

Still more work to do before I understand what the inherent risks and assumptions are with cloud security.

An Idea

posted May 28, 2011, 7:15 PM by Ramece Cave

One thing I have been toying around with, is having the data received from TrapperJohn log into the NoSQL DB back-end used by the Google App Engine. This way, I can have a backup of the data, plus it can be shared. I am assuming the security concerns are (should) be addressed by Google. In all honesty it may depend on the level of access I give users. 

Ultimately the best course of action maybe to setup Ubuntu Cloud and do some good old fashioned testing.

Gaining an Understanding

posted May 28, 2011, 11:59 AM by Ramece Cave

For the past few months I have been trying to get my head around this cloud thing. Conceptually I understand what it means, our data is stored in remote locations and virtual machines are involved in some manner. After talking with a friend in CA, I have come to the realization that I still do not fully understand. Which means, I am probably not alone and as in most things security is one of the last concerns. So, with this vast technology how is data secured? I imagine there might be numerous threats, some of which we do not encounter in our day-to-day security practice.

I started thinking about security in the cloud after a meeting a few weeks ago, were it was briefly mentioned but not expounded upon. Since I like to jump into things head first I bought a book called Code in the Cloud from Pragmatic Books (which is an awsome site by the way) to start learning how to code in the cloud. This does not give me the true insight and understanding I am seeking, but its a step in the right direction to reaching that level. Plus, I get to learn some cool stuff along the way.

I will keep you posted on any new developments (no pun intended)

1-3 of 3