Olivier Caleff is chair of the Security in the Cloud track at CARTES 2012, Paris, Nov. 6-8. As a co-founder of the French Chapter of the Cloud Security Alliance, Caleff talked with SourceMedia in anticipation of the conference.
What is the most important thing for CARTES attendees to know about cloud computing?
The crucial role played by authentication. It’s the main security service that prevents a prying eye from accessing someone else’s cloud environment and using the information.
You must establish a high level of trust and use an authentication strength that matches the classification of the assets to be accessed. Additional recommended services are authorization and logging, for log analysis.
Do cloud computing’s benefits really outweigh the risks?
Well, you’d rather ask this question to risk managers. They are in a position to assess and balance the risks. The Cloud Security Alliance provides methodologies and checklists to support this type of work.
Risk managers assess the type of use and solutions that can be used or built on the cloud, and whether it’s appropriate to its requirements for IT services and application environment. There’s no generic rule of thumb: all industries and companies are different.
What is your advice to those considering cloud computing?
Be aware that although cloud computing and outsourcing are closely related, there are some differences. The dynamics in the business relationship change, giving greater control to the cloud service provider. When companies outsource IT, a contract is established between the customer and the supplier, every detail being spelt out.
With cloud solutions, providers do not wish to customize their offerings. The vision from key players is to offer generic types of service to all customers.
As a CSIRT Manager of CERT DEVOTEAM, I would also recommend being prepared to handle incidents in a different way. You must anticipate and establish procedures with your provider(s), and take into account cloud-specific issues.
What are the most common mistakes of cloud computing?
Companies considering cloud computing must weigh the pros and cons. If you just consider the price and scalability benefits and all the bells and whistles that go with them, added capabilities… on paper everything looks nice. But you must balance that with security, including availability and compliance with regulations and other criteria.
Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.
SourceMedia