Clean Clouds – how to secure utility computing


So, I can use my home broadband which gives me a reliable 10Mbps for £10 per month … or I can use a corporate network which gives me a slightly less reliable 100Kbps for £200 per month or more …
Most corporations don’t build great IT infrastructures but, luckily, they don’t have to, any more than they have to generate their own power or build their own road networks. As the above comparison shows, there are staggering cost savings available if we can solve the security and integration issues of cloud computing.
We need what I call Clean Clouds – computing utilities with security built in.
What does that mean – specifically, what do businesses need from Web2.0 that individuals don’t? Here is an incomplete list of ideas:

  • Legal and liability – if my business uses a cloud and the cloud fails, who can I sue? People are still trying to back-to-back their liabilities, but I don’t think this works with utilities. This type of risk needs to be accepted, or transferred through insurance.
  • Identity – how can I separate out my assets and users from others on the same cloud? This can be solved by federation, which is now a reasonably mature technology.
  • Information control – how can I enforce the right security and information lifecycle controls over my information when it’s stored in the cloud? Actually, there are two problems here. The first is that information access policies must be much more accurate and much more complex when they cover cloud objects. There are tools available now to do this – think of the XACML standard for encoding security policies. However, I don’t think this is something that most organisations will be able to do for themselves – instead, policy development for cloud objects should itself be a cloud service. The second is that organisations need a variety of services, such as bulk upload/download, that individuals don’t. This has to be solved by the market in conjunction with standards organisations.
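
To make the identity and information control points concrete, here is an added example (not from the original post) of an attribute-based policy check modelled on XACML's rule, effect and deny-overrides concepts. It is a simplified sketch rather than an XACML engine: the attribute names, roles and sample values are assumptions, and XACML's Indeterminate decision is left out.

```python
from datetime import date

# Simplified attribute-based evaluator modelled on XACML concepts (Rule, Effect,
# deny-overrides combining). It is not an XACML engine and parses no XACML XML.
PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

def rule(effect, condition):
    """A rule yields its effect when the condition matches, else NotApplicable."""
    def evaluate(req):
        return effect if condition(req) else NOT_APPLICABLE
    return evaluate

# Hypothetical policy for objects held in a shared cloud store.
RULES = [
    # Tenant separation: a subject from another organisation is always denied.
    rule(DENY, lambda r: r["subject"]["tenant"] != r["resource"]["tenant"]),
    # Lifecycle control: nothing may be read once the retention date has passed.
    rule(DENY, lambda r: r["action"] == "read"
         and r["today"] > r["resource"]["retain_until"]),
    # Bulk download is limited to a named role.
    rule(PERMIT, lambda r: r["action"] == "bulk_download"
         and "records-manager" in r["subject"]["roles"]),
    # Ordinary reads need clearance at or above the object's classification.
    rule(PERMIT, lambda r: r["action"] == "read"
         and r["subject"]["clearance"] >= r["resource"]["classification"]),
]

def decide(request, rules=RULES):
    """Deny-overrides: any Deny wins, else any Permit, else NotApplicable."""
    results = [evaluate(request) for evaluate in rules]
    if DENY in results:
        return DENY
    return PERMIT if PERMIT in results else NOT_APPLICABLE

def enforce(request):
    """Enforcement point: fail closed, so only an explicit Permit grants access."""
    return decide(request) == PERMIT

def sample(**overrides):
    """Constructed sample request; all names and values are illustrative."""
    req = {
        "subject": {"tenant": "acme", "roles": ["analyst"], "clearance": 2},
        "resource": {"tenant": "acme", "classification": 2,
                     "retain_until": date(2030, 1, 1)},
        "action": "read",
        "today": date(2025, 6, 1),
    }
    req.update(overrides)
    return req
```

The enforcement point treats NotApplicable as a refusal, so an action the policy never mentions (for example a delete) is blocked rather than allowed by omission.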

I wish I could say that this is all new, but I can’t. This is all de-perimeterised security as proposed by the Jericho Forum.
