Cloud Security: What You Need To Know To Lock It Down
Nerval's Lobster writes "IT security writer Steve Ragan writes: 'The word "cloud" is sometimes overused in IT—and lately, it's been tossed around more than a football during a tailgating party. Be that as it may, organizations still want to implement cloud-based initiatives. But securing assets once they're in the cloud is often easier said than done.' He then walks through some of the core concepts of cloud security, along with the companies operating in the space."
From the article:
"When you sign a Business Associate agreement, there's a level of liability that the business associate accepts. They openly acknowledge they have to operate within the HIPAA security rule like any covered entity. Understandably, none of the current cloud providers are willing to do that."
That says it all. The major cloud providers won't accept responsibility for security in their own systems.
There's always someone who can compromise your secret data. In a typical non-cloud in-house datacenter, who is it? The 7 guys in the IT department, the 4 other guys in the network department, 5 or 6 key developers who have privileges to debug realtime production problems, a few high-level VPs and Execs. Oh, and let's not forget all of the hardware vendors you're trusting not to plant hardware backdoors in the servers and network gear they ship you (it has happened before!). You're already putting a lot of faith (and/or contractual threats) into those people. Now you get to add Amazon to the list of people you have to trust. For *most* companies of a reasonable size, you're actually gaining security by handing off some of the risk to a larger and probably more responsible organization like Amazon.
Don't use the cloud.
Step #2
We don't need no stinking step #2.