Two items this week bring into focus the security issues around cloud computing.
First, an article on DISA’s RACE (Rapid Access Computing Environment) makes the comment that RACE is more secure and stable than the Google cloud. Arguments aside about the definition of clouds and whether private clouds are really clouds, I find this interesting because it highlights that looking at clouds is not an “if you don’t like it, leave” security proposition; you can have choices. Just don’t try to shoehorn your requirements into an existing cloud that doesn’t meet them.
Second was the news from the BBC that an estimated 30k Gmail accounts had allegedly been compromised through phishing. Two points here: 1) you get the security you pay for, and 2) not much is new here – this wasn’t likely a new cool super-sophisticated attack but an old one, and it just went where the fishing (arg) was good.
2 responses so far ↓
1 Jay Heiser // Oct 8, 2009 at 6:30 am
“For its cloud-based applications, DISA conducts a full SAS 70 audit.”
Why would the US military, with a 40-year history of computer security research and practice, use an auditing standard that is explicitly not intended to be applied to technical evaluations?
Can it really be the case that the GSA wants to apply FISMA to the cloud-based apps that are purchased from Google, SFDC, etc (see apps.gov), while the military wants to apply Statement of Accounting Standards Seven Zero to their in-house systems?
2 Danger. Danger, Will Robinson! (enough with the panic, please) « Hyperguarding your Web Applications // Oct 13, 2009 at 3:04 pm
[...] things to people. Is your cloud provider being transparent with bugs, glitches, etc? Do you have provider options (Google, Amazon, DISA’s RACE)? How is your data handled and protected? Is the cloud application [...]