Shaping the Future of Cloud Computing Security and Audit
Two typical questions about clouds are: what's new about this? and isn't this just another word for outsourcing?
The quick answer is yes and no.
During a red team exercise in 2008, in which an independent team assessed the security of an organization to provide a realistic view of security readiness, a discussion of impending cloud computing use got the attention of a few security professionals. Over the ensuing two-year period, many types of cloud plans have come and gone, but the need for securing the cloud gained traction in the security industry resulting in the formation of the Cloud Security Alliance (CSA).
The group has done a lot of work to document where security professionals need to concentrate their work in securing the cloud. Several of the domains that have been worked on directly or indirectly affect an organization's ability to audit technology platforms while they reside in the cloud.
In this chapter, the cloud refers to an outsourced platform component for any business or personal need. To that end, there have been many statements over the last year about why this is different from other outsourced models that have been around for decades. The answer is fairly simple; in the past, businesses and individuals have outsourced a discrete technology component such as customer relationship management or financial journaling. The new cloud considerations and needs ...