One major concern with the adoption of cloud computing is the lack of a
defined standard or standards that are specific to operations impacting
security, interoperability & mobility within the Cloud ecosystem.
As most managers of security departments will attest to, there is a fine line
between security and operations. While we as business managers want to ensure
that we maximize the ROI on our operational investments and ensure that
availability is paramount for our users, we do not want to do so at the
expense of our security measures, policies and protocols.
On the other hand we do not want to lock down a system providing maximum
security, but to such an extent that there is a degradation in availability -
thus negatively impacting operations and our revenue stream by extension.
In the traditional IT Security/Operational world we balance tools and metrics
from ITIL a... (more)
Web-services research and protocol applications have been around and in use
for quite some time now. With the potential Capex and Opex savings
enterprises can potentially realise from utilizing a cloud computing service
model, there should also be added focus on ensuring that security is properly
implemented either in authentication or authorization.
Cloud Computing, with its foundation in the world of virtualization, can take
advantage of key aspects of web service implementations and security
practice; but only to a point. Web service policies are based on a static
model that ... (more)
Proponents of the cloud ecosystem touts its "vastness, flexibility and
scalability as advantages for the implementation of cloud services. However,
from a digital point of view this can be a veritable forensic challenge as we
view the cloud in terms of its scope and diversity.
According to Dr. Stephen Wolthusen "Digital forensics (also referred to at
times as computer forensics) encompasses approaches and techniques for
gathering and analyzing traces of human and computer-generated activity in
such a way that it is suitable in a court of law."
A key challenge to a digital inve... (more)
As mentioned in Part 1 of this article, one of my functions is to research
current and up and coming solutions within the technology realm, particularly
that of distributed computing and cloud computing.
It is a strong possibility that malicious users will eventually identify and
exploit potential flaws within the cloud computing model. CSPs, in their
pursuit to secure market share may have underestimated the possibilities of
attack and misuse of their cloud resources by a malicious user or users.
The likelihood that the creation, storage, processing and distribution of
illicit ... (more)
These days when we hear the term "cloud computing" there is an understanding
that we are speaking about a flexible, cost-effective, and proven delivery
platform that is being utilized or will be utilized to provide IT services
over the Internet. As end users or researchers of all things "cloud" we
expect to hear about how quickly processes, applications, and services can be
provisioned, deployed and scaled, as needed, regardless of users' physical
When we think of the typical traditional IT security environment, we have to
be cognizant of the potential for an onslaugh... (more)