Cryptographic key management in the enterprise today is broken. It is a failed model of proprietary 'solutions' that is not effective, nor is it scalable. If we expect key manage-ment to work in the cloud, then we need a new... read more
NIST continues to ponder cloud computing. Its definition of cloud computing is now up to version #15, and its presentation on Effectively and Securely Using the Cloud Computing Paradigm is now up to version #26. No word on when either... read more
Of course, we all know the story of the Tower of Babel, typified by a confusion of many languages. And for years, science fiction has included so-called universal translators that can overcome the Tower of Babel problem. It was arguably... read more
Like most industries, the tech industry, usually takes itself very seriously. And, sometimes that's too seriously. Sometimes, we all just need to sat back and have a good laugh - at ourselves. (That certainly includes me.) So, I really like... read more
Virtual wind shear hit consumer cloud computing this last weekend. Caught in the microburst was Microsoft's subsidiary, Danger. Reports have confirmed that Danger has crashed and burned - badly. Actually, it would be more accurate to say that Danger's servers... read more
There are of course public clouds, private clouds, and hybrid clouds. There has also been talk of possible 'regulated' clouds for regulated information. The anticipated promise of regulated clouds is that customers would get the benefits of a public cloud... read more
National Security Podcast.Mather.090915.mp3 Network Security Podcast, Episode 166 Martin McKeay: I had a chance to interview Tim Mather about his (along with Subra Kumaraswany and Shahed Latif) upcoming book, Cloud Security and Privacy. I find it interesting to hear about... read more
Cloud computing took another big step forward this week with an announcement from Vivek Kundra, the federal Chief Information Officer, that the Federal Government would begin using cloud computing. The symbolism of his announcement being made in Silicon Valley should... read more
As I've written about previously, there has been a great deal of hype about cloud computing. There has also been considerable angst about the security afforded by cloud computing. Most of that concern has focused on public clouds. (By definition,... read more
Webcast - Cloud Security Deep Dive January 20, 2010
In this 90 minute webcast, the three coauthors of Cloud Security and Privacy (recently published by O'Reilly) will take a deep dive into cloud security issues and focus on three specific aspects: (1) data security; (2) identity management in the cloud...
Webcast - Cloud Security & Privacy January 20, 2010
This 75-minute webcast will discuss current issues in cloud computing with regard to security and privacy. The presenters are the three coauthors of a recently published O'Reilly book, Cloud Security and Privacy. In this webcast, they will discuss cloud...
"This book can be a good resource for people who are planning on cloud computing solutions. "
--Andy Zhang, Amazon.com
"The authors successfully manage to provide a very helpful overview of the topic...the book will help readers understand cloud security concepts and ideas, as well as expectations for the future.
--Kate Barr, Computing Reviews
"Overall this is a surprisingly good book tackling a difficult topic..."
--Sue Gee, I Programmer
"The book is indeed a comprehensive treatise on everything cloud, and everything cloud security...One of the most important things I picked from the book was a very structured view on separation of security responsibilities between the cloud provider and the customer for all of the SPI scenarios. This alone probably justifies getting your own copy. "
--Dr. Anton Chuvakin, Amazon.com
"...this is a great source of information on a very hot topic du-jour, and the combined experience and expertise of the authors does a lot to bring credibility and added value to this work. It is highly recommended for those that are either currently using, or considering, cloud services for their enterprise in the immediate or very near future."
--Jude Umeh, FBCS, CITP, BCS
"There are no other books that I know of that attempt to deal with this subject as completely and as comprehensively as does Cloud Security and Privacy. You really do owe it to your organization to read this first in order to be able to ask the right questions. Anything less would be highly negligent on your part. "
--Thomas Duff, Duffbert's Random Musings