In his lecture at UCLA on Amazon Web Services Cloud, Dr. Werner Vogels, CTO of Amazon and the technical lead of the worldb s leading cloud service provider, said, b At the end of each presentation, I face three questions: one, security; two, security; three, security.b Make no mistake about it, cloud security is critically important.
Question:B Would you rather trust Amazonb s vast resources to address threats to information security in the Cloud or your own internal infrastructure?B Of course, there is not a clear cut answer.B There are pros and cons to each approach.
As web ve been discussing, however, it isnb t really either/or.B You must address IT security risks and threats to information security in the Cloud.B It is unavoidable.
One of the best resources for cloud computing best practices is guidance provided by experts engaged by the Federal Government at The National Institute of Standards and Technologies (NIST). NIST has published numerous reports on cloud computing and cloud security. Many of the leading reports can be found at NISTb s website.
Determining which type of cloud is best for your organization is a great place to start.
Will you create a private cloud?B Typically, this involves putting your own server into a secure data center.B This is the most secure of the Cloud options.B Securing the perimeter is more challenging than keeping all your data on-site, but there is still a perimeter to secure.
As the perimeter gets fuzzier, we move beyond the private cloud to a hybrid or public cloud.B At this point, you are relying more and more on the Cloud service provider for security.
What would I like to leave you with?B Regardless of the level of Cloud adoption, your organization will need to address threats to information security.B b Best practicesb include regular employee training on security risks and what can be done to mitigate them.B Everyone needs to be part of the solution.