Cloud computing and it's security aspect.
Page 1 of 4 123 ... LastLast
Results 1 to 10 of 31

Thread: Cloud computing and it's security aspect.

Hybrid View

  1. #1
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003

    Cloud computing and it's security aspect.

    I have had keen interest in Virtualization for quite some time now. With cloud computing coming up virtualization is taken to the next level. My work experience with Virtualization has been rather less (my over all work experience has been 2 years all of in core security architecture development and implementation, virtualization is like few weeks now mostly at home and a server coming up next week ).
    I’ve been intrigued with how virtualization, if used in the right way can solve so many of security problems (although most would say they give rise to many security concerns too and that’s true in its own way).
    I didn’t want to Google this and go over 100’s of pages (not 1000’s yet) of how cloud computing is going to be a security nightmare (I think I read this on Cisco’s web page.) but I want to know it from you (members here) on what they think about how cloud computing will impact security architecture as it stands now or cloud computing and its security aspect as a general topic. You may also put your general questions / comments / opinions about cloud computing.


    I will be using material in this thread towards a paper I’m writing on cloud computing. The paper will focus on “security” aspect of cloud computing.

    Thank you ALL in advance.

    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Most of the security threats we've seen have been to the guest OS rather than the virtualization (at least at the bare metal level compared to the hosted level, which has more ties between the OS and the Hypervisor). It'll be interesting to see what new threats are developed for this environment as time goes on.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    True MS.. (For some reason I knew you'll be the first to reply.. )

    Anyway with virtualization comes certain risks that people seem to oversee. I completely agree with the statement that in virtualization risk lies in host OS but with the way virtual servers are put up security appliances need to re-designed or you're opening up holes in your network. I am not getting a very good example to explain this but I hope you get it (sorry though) ..

    I'm really excited about my paper (I hope to get it out soon) but right now.. It’s time to head home.. (Rain in Mumbai is a killer .. )
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Well, some things do have to change but the principles are still the same. I know our product is EAL 4+ certified out of the box and the NSA/NIST Guide is out for ESX 3 (http://www.nsa.gov/ia/_files/support/I733-009R-2008.pdf). A lot of the consideration is how networking is configured (separate and isolated are preferred, particularly keeping the service console or other management port separate from network storage -- if any -- and the VMs/Cloud's environment). I'd be curious to read the paper after you've completed it.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Lol.. MS between you and me.. (Actually since I’m saying it here its public) anyway I wanted to write a paper detailing "something" that I’ve found interesting for a long time..Trust me my first choice was how to secure Winxp or something

    But then I moved to VM's and now this.. I promise by the time I’m done ill have something good to read upon.. Anyway there WILL be some delay.. I'm trying to give GCIH and PMI ..

    Anyway it’s nice to know that AO isn't completely dead ..
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  6. #6
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Hey I just went over Trend's documents and presentation (sale's oriented) describing how they are using cloud computing for their anti-malware / enterprise grade products..

    I really don't like the way they have done this! I mean it's stupid and actually decreases security level provided.. It does decrease the time frame for new malware to be detected but provides much less security too..

    Can we discuss this? (PM / IM maybe, please )
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  7. #7
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Quote Originally Posted by ByTeWrangler View Post
    Hey I just went over Trend's documents and presentation (sale's oriented) describing how they are using cloud computing for their anti-malware / enterprise grade products..

    I really don't like the way they have done this! I mean it's stupid and actually decreases security level provided.. It does decrease the time frame for new malware to be detected but provides much less security too..

    Can we discuss this? (PM / IM maybe, please )
    I'd be interested in discussing it but if it's ok, can we get into the in-depth discussion next week after Monday morning? I'm in the process of studying for my VCP 4 Beta exam (it's rather lengthy) and want to pass it on first go but I know it'll be longer than the regular exam.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  8. #8
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    ALL THE BEST FOR YOUR EXAM'S !

    YOU WILL PASS I'M SURE !

    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Funny things clouds...........they are woolly, fuzzy, and obscure your vision. But, every one of them has a silver lining, or so the saying goes.

    At least that seems to be the hope of Google, Microsoft, IBM, Sun Microsystems and everyone else who seems to be trying to jump on this "cloud computing" bandwagon............or will it be a gravy train?.............they wish!

    There is no such thing as "The Cloud" other than in the imaginations of marketing drones and media hacks.

    It already has a name as it happens.............it is called "The Internet"

    So, given that we are really talking about "Internet Computing", I would suggest that these are a few of the areas where security needs to be considered:


    1. Everything is a service so who is responsible for controlling and securing it?
    2. Who audits their stewardship of these responsibilities?
    3. Who hires and vets the staff?
    4. Who ensures regulatory compliance and how?
    5. Location of data.
    6. Encryption and secure data transfer.
    7. Access control; both physical and remote.
    8. Disaster recovery
    9. Business continuity.
    10. Forensics



    It might be useful to look at stuff on e-commerce security, as a lot of the issues will be similar.

    P.S. Good Luck MsM!
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #10
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Byte, Well we have moved over to cloud computing for over two years now and everything is going good so far.

    Could you explain the security aspect because as a "Management Hosted Service" with our product such as Managed Office Protection , it makes it relatively easier for the customer as no infrastructure needs to be installed at the premises besides the resident which is light due to "scanning" from the cloud.

    Im also very interested in this topic, dont make it a private discussion
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •