Wednesday, November 02, 2011

 

Thoughts on Cloud Security...

It would seem to me the focus on the security posture of cloud security providers is well, misfocused...

Let's face it, many cloud providers use the same underlying technologies as large enterprises. This may include various flavors of operating systems such as Linux to virtual machines such as Java or .NET. They will also be running some form of virtualization technology to provide the fundamental isolation from other tenants. So, shouldn't enterprise be worried less about the security posture of any individual cloud provider and instead focused on the security of software deployed regardless of whether you run in the cloud or not.

There are obvious practices an enterprise can leverage before deploying their application to public cloud ranging from the ability to encrypt all sensitive information, to even running your application across multiple cloud providers but security of the cloud still isn't guaranteed in that if the software stack used across all the providers is insecure, then you will still get compromised...






<< Home
| | View blog reactions


This page is powered by Blogger. Isn't yours?