Cloud Security: What You Need To Know To Lock It Down

Nerval's Lobster writes "IT security writer Steve Ragan writes: 'The word "cloud" is sometimes overused in IT—and lately, it's been tossed around more than a football during a tailgating party. Be that as it may, organizations still want to implement cloud-based initiatives. But securing assets once they're in the cloud is often easier said than done.' He then walks through some of the core concepts of cloud security, along with the companies operating in the space."

Insecure, and the cloud providers know it.

[Animats]

From the article:

"When you sign a Business Associate agreement, there's a level of liability that the business associate accepts. They openly acknowledge they have to operate within the HIPAA security rule like any covered entity. Understandably, none of the current cloud providers are willing to do that."

That says it all. The major cloud providers won't accept responsibility for security in their own systems.

Re:Insecure, and the cloud providers know it.

[rgbrenner]

Did you actually read that whitepaper? Amazon says you should encrypt the data BEFORE uploading it to S3. Doesn't that tell you everything you need to know about S3's security? And to top it all off, at the end:

Disclaimer

This white paper is not intended to constitute legal advice. You are advised to seek the advice
of counsel regarding compliance with HIPAA and other laws that may be applicable to you
and your business. Amazon Web Services LLC. and its affiliated entities make no
representations or warranties that your use of Amazon Web Services will assure compliance
with applicable laws, including but not limited to HIPAA.

Step #1

[Nadaka]

Don't use the cloud.

Step #2
We don't need no stinking step #2.