Understanding Security Threats: Private, Hybrid, Public Clouds

In his lecture at UCLA on Amazon Web Services Cloud, Dr. Werner Vogels, CTO of Amazon and the technical lead of the worldbs leading cloud service provider, said, bAt the end of each presentation, I face three questions: one, security; two, security; three, security.b Make no mistake about it, cloud security is critically important.

Question:B Would you rather trust Amazonbs vast resources to address threats to information security in the Cloud or your own internal infrastructure?B Of course, there is not a clear cut answer.B There are pros and cons to each approach.

As webve been discussing, however, it isnbt really either/or.B You must address IT security risks and threats to information security in the Cloud.B It is unavoidable.

One of the best resources for cloud computing best practices is guidance provided by experts engaged by the Federal Government at The National Institute of Standards and Technologies (NIST). NIST has published numerous reports on cloud computing and cloud security. Many of the leading reports can be found at NISTbs website.

Determining which type of cloud is best for your organization is a great place to start.

Will you create a private cloud?B Typically, this involves putting your own server into a secure data center.B This is the most secure of the Cloud options.B Securing the perimeter is more challenging than keeping all your data on-site, but there is still a perimeter to secure.

As the perimeter gets fuzzier, we move beyond the private cloud to a hybrid or public cloud.B At this point, you are relying more and more on the Cloud service provider for security.

What would I like to leave you with?B Regardless of the level of Cloud adoption, your organization will need to address threats to information security.B bBest practicesb include regular employee training on security risks and what can be done to mitigate them.B Everyone needs to be part of the solution.