Cloud Computing Security Macro Layers? I’ll Take “It’ll Never Sell” For $1000, Alex…
Mogull commented yesterday on my post regarding TCG’s IF-MAP and remarked that in discussing cloud security and security models, the majority of folks, myself included, were focusing on the network:
Chris’s posting, and most of the ones I’ve seen, are heavily focused on network security concepts as they relate to the cloud. But if we look at cloud computing at the macro level, there are additional layers which are just as critical (in no particular order):
- Network: The usual network security controls.
- Service: Security around the exposed APIs and services.
- User: Authentication- which in the cloud world, needs to move to more adaptive authentication, rather than our current static username/password model.
- Transaction: Security controls around individual transactions- via transaction authentication, adaptive authorization, and other approaches.
- Data: Information-centric security controls for cloud based data. How’s that for buzzword bingo? Okay, this actually includes security controls for the back-end data, distributed data, and any content exchanged with the user.
To learn more and to read the entire article at its source, please refer to the following page, Rational Survivability: Cloud Security Macro Layers? I’ll Take "It’ll Never Sell" For $1000, Alex…