At this week's RSA 2010 conference, cloud security has been a hot topic. As Brian Prince wrote for eWEEK:
The overall theme: Security may make or break cloud computing efforts as businesses look to balance the needs of regulations, access management and data protection with the business benefits the cloud can bring to the table. But saying that is the easy part.
So what are some of the security issues in the cloud? The Cloud Security Alliance, apparently recognizing the need to talk about security issues in this ever-emerging technology, announced a few initiatives "to provide both cloud customers and cloud providers with research, tools and calls to action to further build trust and mitigate risks within cloud computing."
"Cloud services are clearly the next generation of information technology that enterprises must master. We have a shared responsibility to understand the security threats that accompany the cloud and apply the necessary best practices to mitigate them,” said Jim Reavis, founder of the Cloud Security Alliance. "The objective of this report was to not only identify those threats which are most germane to IT organizations but also help organizations understand how to proactively protect themselves. This is the first deliverable in our cloud threat research initiative, which will feature regular updates to reflect participation from a greater number of experts and to keep pace with the dynamic nature of new threats.”
SafeNet Inc. also discussed cloud security and offered some solutions. They include:
Intelligent Authentication Tokens – Ensuring that only authorized users gain access to cloud-based resources is critical for cloud providers and enterprises. SafeNet's multi-factor strong authentication solutions ensure that only authorized individuals access an organization's sensitive information – enabling business, protecting data, lowering IT costs and boosting user productivity.
Secure Cryptographic Key Storage – A centralized, hardened security appliance manages cryptographic keys, access control, and other security policies. In addition, a virtualized instance of this appliance is deployed in the cloud to replicate policies and security enforcement on the data. Security administrators can dictate policy based on business content, documents, and folders in order to ensure only authorized users and groups access sensitive data. SafeNet hardware security modules offer centralized, FIPS- and Common Criteria-certified storage of cryptographic keys.
Secure storage in the cloud across file, application, and database systems — Driven by a need to use the cloud's elastic storage, organizations can securely store data in the cloud, effectively using the cloud for backup, disaster recovery, and archiving of data. SafeNet provides protection of stored data through a hardened appliance that centralizes encryption processing, keys, logging, auditing, and policy administration across file, application and database systems.