> Cloud Computing was front and center this year. One of the
> more interesting points that kept reoccurring was the need
> for better security. There seems to be a definite desire
> to use "Cloud Infrastructure" both internally within high
> performance computing, trading platforms and other various
> software platform services. There seems to a genuine desire
> to use external cloud resources such as Amazon. The need to
> secure data in the cloud was one of their single biggest
> concern. Those who offer this kind of "bridge to the cloud"
> will be the ones who will bring the most value to the
> banking industry. What is interesting, for the time being
> they seem more interested in keeping their "compute
> resources" safely tucked under the mattress then putting it
> to the hands of a "book store".
The obvious observations:
- While your data is being processed on someone else's hardware, you are essentially trusting that other party to maintain the integrity of your data. It is really hard to verify that the environment and practices of the people operating and running the cloud are actually adequate, correct, or implemented in a secure manner at all. Sufficient security might be difficult to implement in a cloud computing environment that was not designed from the ground up for this purpose.
- As a practical matter, I wonder if a solution to this, assuming the facilities are up to spec, would be to split the difference with what is done for classified services. It might be sufficient to have the industries with strong security and/or regulatory concerns certify or clear a small subset of employees at the cloud provider for operating their portion of the cloud. In essence, a strictly scrutinized trust network with revocation power. Hell, this probably dovetails with some existing bodies.
This will potentially create a fertile new ground for very subtle and complex exploits and manipulations. We just have not created the incentive yet for anyone to bother (that I know of).
Cheers,
Andrew
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cloud Computing" group.
To post to this group, send email to cloud-computing@googlegroups.com
To unsubscribe from this group, send email to cloud-computing-unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.ca/group/cloud-computing?hl=en
-~----------~----~----~----~------~----~------~--~---
Posts
No comments:
Post a Comment