In response to last week's post about cloud computing, I received the following guest post from Heather Axworthy, who is a self-described "Network Security Diva" (alas, I fear my diva days are over) and who has an aptly-titled blog called "Chick Bits." Here's what Heather had to say:
On the heels of the recent announcement of a cloud computing initiative by the new federal CIO, I thought it would be time to talk about the security components needed to protect all the data within the cloud.
If you are not sure what "Cloud Computing" is, in short, it is a new paradigm in which all your resources are delivered as a service over the internet. A perfect example of this is Google Docs! You create, store, use, and share your documents but they are "housed" at Google and not on your local machine. Your data exists in the big cloud we call the Internet.
The big issue is how to keep the data in the cloud secure. Here is my two cents and what they should be thinking about, out of the gate:
1. Monitoring Activity: You have to look at not just user <--> user activity, but user <--> system activity, and system <--> system activity within the cloud. This can consist of using application and database monitoring products, system logs, and file integrity monitoring products. You have to monitor the data while in motion and at rest!
2. Encryption: Can't have security without it. Look at the data flow within the cloud, encrypt at the weak points, such as downloads, e-mail, and transport between applications and databases.
That is going to be a big challenge; it has the potential to be a security nightmare, but I think if the architects incorporate the items below from the start, it will be less of a nightmare!
Thanks Heather for weighing in. John and I continue to be cloud curmudgeons - it seems that nary a week goes by without a leak in the cloud. And we don't mean rain. As for the federal government's ability to establish a secure cloud . . . Hell will freeze over first.