Cloud Computing Resources Directory

  the Basics  
  for Buyers & Users  
  for Vendors  
  for Developers  
  by Industry  
  Analysis  
  Custom View  
  Research & Development  
  Applications  
  Platforms  
  Infrastructure  
  Security  
  Standards & Interoperability  
Application Security Infrastructure Security
How Cloud Computing Paradigm Can Meet the Challenges of Adaptive Security Systems?
How Cloud Computing Paradigm Can Meet the Challenges of Adaptive Security Systems?
by Irina Neaga
The cloud computing model should drive and potentially apply for the design and development of the next generation of adaptive security systems. This essay shows some conceptual ideas and directions based on systems engineering methods and architecting principles.
read the full story >>
Making the Cloud Secure for the Enterprise
Making the Cloud Secure for the Enterprise
by Ellen Rubin
Security issues associated with third-party cloud environments continue to prevent organizations from taking advantage of the cost savings and flexibility that the cloud can offer. Today, using a public cloud means moving from an internal environment where a company has complete control of data and processes to an environment where that control belongs to someone else, and is often opaque. Within the cloud, applications run in a multi-tenant environment sharing virtual machines with other customers. Companies considering moving an application to a cloud have legitimate concerns about data being compromised or stolen, including unauthorized access by cloud administrators, exposure in the Internet or rogue employees using the cloud to corrupt or leak sensitive information.
read the full story >>
Federated Identity Management in Cloud Computing
Mitesh Soni - Senior Software Engineer at iGATE Patni

“Identity” consists of a “set” of information based on context, allied with a definite entity (End User or System). Identity Management should include: Identity Provisioning, De-Provisioning, Identity Information Security, Identity Linking, Identity Mapping, Identity Federation, Identity Attributes Federation, Single Sign On, Authentication and Authorization. With the adoption of cloud services, the organization’s trust boundary has become dynamic. It has moved beyond the control of IT. Identity & Access Management is a critical requirement considering data sensitivity and privacy of information have become increasingly an area of concern in cloud.


Tokenization for Cloud Data Protection
Gerry Grealish - Vice President, Marketing & Products at PerspecSys

This paper offers a high-level overview of tokenization as a data protection and obfuscation technique in the cloud. It also discusses the PCI Data Security Council’s tokenization standards.


The Cloud Security Part 1: For Dummies
Ofir Nachmani - Founder and Auther at I Am OnDemand.com

From an attacker’s perspective, cloud providers aggregate access to many victims’ data into a single point of entry. As the cloud environments become more and more popular, they will increasingly become the focus of attacks. Some organizations think that liability can be outsourced, but no, and I hope that we all understand it cannot. The contract with your cloud vendors basically means nothing, the ISVs or should I say the SaaS providers still holds the responsibility, so rather than focusing on contracts and limiting liability in cloud services deals, you should focus on controls and auditability.


The Cloud Security Part 2: Market Perceptions, Vendors and More
Ofir Nachmani - Founder and Auther at I Am OnDemand.com

From an attacker’s perspective, cloud providers aggregate access to many victims’ data into a single point of entry. As the cloud environments become more and more popular, they will increasingly become the focus of attacks. Some organizations think that liability can be outsourced, but no, and I hope that we all understand it cannot. The contract with your cloud vendors basically means nothing, the ISVs or should I say the SaaS providers still holds the responsibility, so rather than focusing on contracts and limiting liability in cloud services deals, you should focus on controls and auditability.


Intel Cloud Builders Guide to Cloud Design and Deployment on Intel Platforms
Company Profile: CloudSwitch, Inc

Cloud on-boarding with CloudSwitch. For enterprise IT organizations who are looking to securely utilize public clouds and existing data center infrastructure, the decision to use a cloud for the delivery of IT services is best done by starting with the knowledge and experience gained from previous work. This reference architecture outlines how to extend the data center into the cloud using CloudSwitch software with Intel Xeon processor 5600 series servers. This paper, which includes detailed scripts and screen shots, should significantly reduce the learning curve for building and operating your first cloud computing infrastructure.


A Cloud Security Bill of Rights
Company Profile: CloudSwitch, Inc

Cloud Security remains a top concern for enterprise cloud deployments. Unresolved policy and control issues make it difficult to meet the requirements of corporate security and networking teams. As a result, we frequently hear from our customers that they assume they can only put the lowest-risk data and applications into the cloud – or that their cloud projects are on hold till the security issues get resolved. This is a major limitation for cloud adoption, often creating a false belief that the cloud only works for apps “that don’t matter,” or for companies who are willing to take risks.


Domain 10: Guidance for Application Security V2.1 PDF
Alex Meisel - CTO at Art of Defence GmbH
Company Profile: Cloud Security Alliance (CSA)

Picking up from the latest Cloud Security Alliance papers, Domain 10: Guidance for Application Security V2.1 explores some of the challenges that organizations have encountered with application security for cloud computing. Domain 10 provides an upfront analysis, covering the traditional aspects of managing information confidentiality, integrity and availability, as it is central to documenting the classification of data handled by the application and will influence many of the design decisions. It also elaborates on situations for existing applications that are migrated to the cloud, as it can serve as an opportunity to address outstanding fundamental problems that have been overlooked or underrepresented during their development.


True Isolation Makes the Public Cloud Work Like a Private Cloud
Ellen Rubin - Founder & VP of Products at CloudSwitch, Inc

Security is always mentioned as a key factor limiting cloud adoption, but what does "security" really mean in the cloud? To understand the potential risks of cloud computing - and how to address them - we need to be more specific. Once we've accurately defined the problems, we can address them with the right technology and processes. Here is a solution to allow applications to run safely in a public cloud.


Security vs Compliance in the Cloud
John Considine - Founder & CTO at CloudSwitch, Inc

Security is always top of mind for CIOs and CSOs when considering a cloud deployment. Here is a look into cloud security and the standards used to determine compliance.


Security Guidance for Critical Areas of Focus in Cloud Computing v2 PDF
Alex Meisel - CTO at Art of Defence GmbH
Company Profile: Cloud Security Alliance (CSA)

The Cloud Security Alliance's initial report, outlining areas of concern and guidance for organizations adopting cloud computing. The intention is to provide security practitioners with a comprehensive roadmap for being proactive in developing positive and secure relationships with cloud providers. Much of this guidance is also quite relevant to the cloud provider to improve the quality and security of their service offerings. As with any initial foray, there will certainly be guidance that we could improve upon. We will quite likely modify the number of domains and change the focus of some areas of concern. We seek your help to improve this guidance to make version 2.0 of this document an even better asset to the security practitioner and cloud provider. We will be kicking off numerous online activities and in-person regional events to share our findings and connect with experts to increase our knowledge base.


Is Cloud Security Really Different Than Data Center Security?
Judith Hurwitz - President & CEO at Hurwitz & Associates LLC

There are good reasons to plan a cloud security strategy, but in a sense, it's no different than planning a security strategy for your company. Before you start worrying about security in the cloud, get your own house in order. If you don't have a well executed internal security plan, that you're not ready for the cloud. Here are five issues to consider when planning your cloud security strategy.


Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Company Profile: National Institute of Standards & Technology (NIST)

NIST (National Institute of Standards and Technology) is positioning its working definition of cloud computing that serves as a foundation for its upcoming publication on the topic. Computer scientists at NIST developed this draft definition in collaboration with industry and government. It was developed as the foundation for a NIST special publication that will cover cloud architectures, security, and deployment strategies for the federal government.


Virtualization Security Testing
Michael Berman - CTO at Catbird Networks, Inc

Virtualization Security Testing


Cloud Security
Company Profile: Cloud Security Alliance (CSA)

Cloud Security


Virtualization Security Roundtable
Michael Berman - CTO at Catbird Networks, Inc

Virtualization Security Roundtable


HyTrust Authentication/Authorization
Michael Berman - CTO at Catbird Networks, Inc

HyTrust Authentication/Authorization


Does Private Cloud Equal Secure Cloud?
John Pescatore - Security & Privacy Expert at Gartner, Inc

Whenever the word "private" is included in the name of technology, many people leap to the conclusion that security is built in.


VMsafe Virtual Firewalls
Michael Berman - CTO at Catbird Networks, Inc

VMsafe Virtual Firewalls - Guest: Todd Ignasiak from Altor Networks


Private Virtual Infrastructure for Cloud Computing PDF
Company Profile: University of Maryland at Baltimore

By F. John Krautheim. Abstract: Cloud computing places an organization’s sensitive data in the control of a third party, introducing a significant level of risk on the privacy and security of the data. We propose a new management and security model for cloud computing called the Private Virtual Infrastructure (PVI) that shares the responsibility of security in cloud computing between the service provider and client, decreasing the risk exposure to both. The PVI datacenter is under control of the information owner while the cloud fabric is under control of the service provider. A cloud Locator Bot pre-measures the cloud for security properties, securely provisions the datacenter in the cloud, and provides situational awareness through continuous monitoring of the cloud security. PVI and Locator Bot provide the tools that organizations require to maintain control of their information in the cloud and realize the benefits of cloud computing.


The Case for Enterprise Ready Virtual Private Clouds PDF
Company Profile: University of Massachusetts, Amherst

By Timothy Wood and Prashant Shenoy, University of Massachusetts Amherst; Alexandre Gerber, KK Ramakrishnan, and Jacobus Van der Merwe, AT&T Labs - Research. Abstract: Cloud computing platforms such as Amazon EC2 provide customers with flexible, on demand resources at low cost. However, while existing offerings are useful for providing basic computation and storage resources, they fail to provide the security and network controls that many customers would like. In this work we argue that cloud computing has a great potential to change how enterprises run and manage their IT systems, but that to achieve this, more comprehensive control over network resources and security need to be provided for users. Towards this goal, we propose CloudNet, a cloud platform architecture which utilizes virtual private networks to securely and seamlessly link cloud and enterprise sites.


Contributions Results for Developers: Cloud Security

Showing 1 - 20 of 55 Next > Last >>

Cloud Security Deep Dive
Subra Kumaraswamy - Security at Independent

In this webcast, the three coauthors of "Cloud Security and Privacy" take a deep dive into cloud security issues and focus on three specific aspects: 1 data security: 2 identity management in the cloud, and; 3 governance in the cloud (in the context of managing a cloud service provider with respect to security obligations).


Cloud Security and Privacy
Subra Kumaraswamy - Security at Independent

This webcast discusses current issues in cloud computing with regards to security and privacy. The presenters are the three coauthors of a recent published book, "Cloud Security and Privacy." In this webcast, they discuss cloud issues with infrastructure and data security, identity management, security management, privacy considerations, audit and compliance, Security-as-a-Service (cloud-based security solutions), and the impact of cloud computing on traditional IT.


Cloud Security & Privacy
Subra Kumaraswamy - Security at Independent

In this webcast, the authors of "Cloud Security and Privacy" discuss cloud computing's SPI delivery model, and its impact on various aspects of enterprise information security (eg, infrastructure, data, identity and access management, security management), privacy, and compliance. Security-as-a-Service and the impacts of cloud computing on corporate IT is also discussed.


Analyst Take: Infrastructure Protection
John Pescatore - Security & Privacy Expert at Gartner, Inc

VP and Distinguished Analyst at Gartner, John Pescatore, discusses ways to validate your Infrastructure Protection Strategies.


Security in the Cloud
John Engates - CTO at Rackspace Hosting, Inc

Security in the Cloud


RSA Conference: FEA-303: Virtualization Security (Registration Required)
Michael Berman - CTO at Catbird Networks, Inc

This panel discussion and QA covers the state and possible future for virtualization security. Panel session with: Andreas Antonopoulos - Sr. Vice President, Nemertes Research Christofer Hoff - Chief Security Architect, Unisys Simon Crosby - CTO, Citrix Systems Stephen Herrod - CTO and VP of R&D, Vmware Michael Berman - CTO, Catbird


Defending Inter-VM Attacks
Amir Ben-Efraim -

Defending Inter-VM Attacks


Improving Vulnerability Management with Penetration Testing
John Pescatore - Security & Privacy Expert at Gartner, Inc

John Pescatore, from featured analyst firm Gartner, who discusses the overall state of security, including recent attack trends


Federated Identity Management in Cloud Computing
Mitesh Soni - Senior Software Engineer at iGATE Patni

“Identity” consists of a “set” of information based on context, allied with a definite entity (End User or System). Identity Management should include: Identity Provisioning, De-Provisioning, Identity Information Security, Identity Linking, Identity Mapping, Identity Federation, Identity Attributes Federation, Single Sign On, Authentication and Authorization. With the adoption of cloud services, the organization’s trust boundary has become dynamic. It has moved beyond the control of IT. Identity & Access Management is a critical requirement considering data sensitivity and privacy of information have become increasingly an area of concern in cloud.


Tokenization for Cloud Data Protection
Gerry Grealish - Vice President, Marketing & Products at PerspecSys

This paper offers a high-level overview of tokenization as a data protection and obfuscation technique in the cloud. It also discusses the PCI Data Security Council’s tokenization standards.


Intel Cloud Builders Guide to Cloud Design and Deployment on Intel Platforms
Company Profile: CloudSwitch, Inc

Cloud on-boarding with CloudSwitch. For enterprise IT organizations who are looking to securely utilize public clouds and existing data center infrastructure, the decision to use a cloud for the delivery of IT services is best done by starting with the knowledge and experience gained from previous work. This reference architecture outlines how to extend the data center into the cloud using CloudSwitch software with Intel Xeon processor 5600 series servers. This paper, which includes detailed scripts and screen shots, should significantly reduce the learning curve for building and operating your first cloud computing infrastructure.


Domain 10: Guidance for Application Security V2.1 PDF
Alex Meisel - CTO at Art of Defence GmbH
Company Profile: Cloud Security Alliance (CSA)

Picking up from the latest Cloud Security Alliance papers, Domain 10: Guidance for Application Security V2.1 explores some of the challenges that organizations have encountered with application security for cloud computing. Domain 10 provides an upfront analysis, covering the traditional aspects of managing information confidentiality, integrity and availability, as it is central to documenting the classification of data handled by the application and will influence many of the design decisions. It also elaborates on situations for existing applications that are migrated to the cloud, as it can serve as an opportunity to address outstanding fundamental problems that have been overlooked or underrepresented during their development.


Security Guidance for Critical Areas of Focus in Cloud Computing v2 PDF
Alex Meisel - CTO at Art of Defence GmbH
Company Profile: Cloud Security Alliance (CSA)

The Cloud Security Alliance's initial report, outlining areas of concern and guidance for organizations adopting cloud computing. The intention is to provide security practitioners with a comprehensive roadmap for being proactive in developing positive and secure relationships with cloud providers. Much of this guidance is also quite relevant to the cloud provider to improve the quality and security of their service offerings. As with any initial foray, there will certainly be guidance that we could improve upon. We will quite likely modify the number of domains and change the focus of some areas of concern. We seek your help to improve this guidance to make version 2.0 of this document an even better asset to the security practitioner and cloud provider. We will be kicking off numerous online activities and in-person regional events to share our findings and connect with experts to increase our knowledge base.


Private Virtual Infrastructure for Cloud Computing PDF
Company Profile: University of Maryland at Baltimore

By F. John Krautheim. Abstract: Cloud computing places an organization’s sensitive data in the control of a third party, introducing a significant level of risk on the privacy and security of the data. We propose a new management and security model for cloud computing called the Private Virtual Infrastructure (PVI) that shares the responsibility of security in cloud computing between the service provider and client, decreasing the risk exposure to both. The PVI datacenter is under control of the information owner while the cloud fabric is under control of the service provider. A cloud Locator Bot pre-measures the cloud for security properties, securely provisions the datacenter in the cloud, and provides situational awareness through continuous monitoring of the cloud security. PVI and Locator Bot provide the tools that organizations require to maintain control of their information in the cloud and realize the benefits of cloud computing.


The Case for Enterprise Ready Virtual Private Clouds PDF
Company Profile: University of Massachusetts, Amherst

By Timothy Wood and Prashant Shenoy, University of Massachusetts Amherst; Alexandre Gerber, KK Ramakrishnan, and Jacobus Van der Merwe, AT&T Labs - Research. Abstract: Cloud computing platforms such as Amazon EC2 provide customers with flexible, on demand resources at low cost. However, while existing offerings are useful for providing basic computation and storage resources, they fail to provide the security and network controls that many customers would like. In this work we argue that cloud computing has a great potential to change how enterprises run and manage their IT systems, but that to achieve this, more comprehensive control over network resources and security need to be provided for users. Towards this goal, we propose CloudNet, a cloud platform architecture which utilizes virtual private networks to securely and seamlessly link cloud and enterprise sites.


Defining a dWAF to Secure Cloud Applications PDF
Alex Meisel - CTO at Art of Defence GmbH

Cloud computing was not designed for security, although organizations such as Cloud Security Alliance (CSA) and Open Web Application Security Project (OWASP) are taking great strides in helping the industry solve the myriad of security problems confronting cloud computing. The benchmark guidelines established by the CSA in their document, Guidance for Critical Areas of Focus in Cloud Computing, is a great first step. This paper is intended to pick up where the CSA guide left off in terms of defining what a distributed web application firewall (dWAF) should look like in order to meet the standards set within the CSA document. It also includes recommendations and practical use-cases.


Teleworking in the Cloud: Security Risks and Remedies
John Pescatore - Security & Privacy Expert at Gartner, Inc

Companies have many cloud computing choices to make when office applications and servers disappear from the IT department. If security is not built in, incidental costs will outweigh any cost savings.


Securing Applications Using WebSphere sMash Applications on Amazon EC2
Dustin Amrhein - Technical Evangelist, WebSphere Emerging Technologies at IBM

This article walks users through securing WebSphere sMash applications deployed on the Amazon Elastic Compute Grid. It illustrates how to secure applications using both HTTP basic authentication and Secure Socket Layer (SSL) methods.
Securing applications using WebSphere sMash on Amazon EC2 dustin_amrhein This is a tutorial that walks users through securing WebSphere sMash applications deployed on the Amazon Elastic Compute Grid. The tutorial illustrates how to secure applications using both HTTP basic authentication and Secure Socket Layer (SSL) methods.

Cool Vendors in Infrastructure Protection, 2009
John Pescatore - Security & Privacy Expert at Gartner, Inc

Chief Information Security Officers and other security decision makers should be prepared to consider inovative, new infrastructure protection vendors. They won't necessarily be appropriate for every enterprise, but their offerings and business models point to new directions in their market spaces.


Cool Vendors in Software-as-a-Service Security, 2009
John Pescatore - Security & Privacy Expert at Gartner, Inc

Gartner's first set of cool vendors in software-as-a-service security addresses the growing demand for agile, responsive, cost effective solutions with highly innovative offerings. Use this research when evaluating technology trends and future needs.


Trustworthy Virtual Cloud Computing
Company Profile: North Carolina State University

Abstract: Virtual cloud computing is emerging as a promising solution to IT management to both ease the provisioning and administration of complex hardware and software systems and reduce the operational costs. With the industry’s continuous investment (e.g., Amazon Elastic Cloud Computing, IBM Blue Cloud), virtual cloud computing is likely to be a major component of the future IT solution, which will have significant impact on almost all sectors of society. The trustworthiness of virtual cloud computing is thus critical to the well-being of all organizations or individuals that will rely on virtual cloud computing for their IT solutions. This project envisions trustworthy virtual cloud computing and investigates fundamental research issues leading to this vision. Central to this visi ....
Cloud security fears outweigh savings, but perhaps not for long
By: William Jackson
Security concerns about cloud computing outweigh the potential cost savings by a 2-1 margin in a recent survey of government and industry IT professionals, but economic pressures are slowly driving a move to the cloud. Only 32 percent of those questioned in the study conducted by automated compliance auditing company nCircle said that cost savings outweigh security issues, but that is an increase of 6 percent from last year. Thirty-five percent said they are already are doing some cloud computing, up from 24 percent last year, and another third are considering the move.
read the full article >>
Gazzang Pushes MySQL Database Encryption, Cloud Security
By: Brian Prince
Gazzang wants to make cloud computing safe for enterprises—a goal that for the company begins with encrypting data. Its product, ezNcrypt, is used to encrypt MySQL database transactions and data. In its latest edition, ezNcrypt now includes public/private key encryption and integration with leading HSM (hardware security module) technologies, as well as OpenSSL engine support.
read the full article >>
RSA Conference: Security Issues from the Cloud to Advanced Persistent Threats
By: Brian Prince
The 20th annual RSA Conference in San Francisco came to a close Feb. 18, ending a week of product announcements, keynotes and educational sessions that produced their share of news. This year's hot topics: cloud computing and cyber-war.
read the full article >>
RSA conference looks at online vulnerability
By: James Temple
The hottest trends in technology also represent some of the gravest threats to corporate data security. Mobile devices, social networking and cloud computing are opening up new avenues for both cyber criminals and competitors to access critical business information, according to speakers at this week's RSA Conference 2011 at San Francisco's Moscone Center and a survey set for release this morning.
read the full article >>
Virtualization can be key to cloud security, RSA chief says
By: Jaikumar Vijayan
SAN FRANCISCO -- Virtualization technologies can help enable better security and control in cloud computing environments, RSA chief Art Coviello said today. In a keynote address at the RSA Security Conference here, Coviello struck an optimistic tone on cloud security issues. While he acknowledged some of the concerns enterprises might have about moving data and applications to the cloud, he said that approaches to addressing any issues are closer than many think.
read the full article >>
RSA Conference study to reveal cloud frustration
By: Angela Moscaritolo
Security practitioners are working to safeguard cloud computing environments but believe they need more education and training, according to a soon-to-be released study conducted by analyst firm Frost & Sullivan. The “2011 Global Information Security Workforce Study,” set to be released next week at the annual RSA Conference in San Francisco, polled more than 10,000 security pros from 100 countries about the state of the industry, Rob Ayoub, global program director at Frost & Sullivan, said Wednesday during a pre-show analyst conference call.
read the full article >>
CloudPassage Launches Itself, New Cloud VM Security Package
By: Chris Preimesberger
MENLO PARK, Calif. -- Whenever a survey, whitepaper or other industry research comes out evaluating cloud computing, most of the attributes of this trend-setting style of IT receive a ton of praise. However, if there is a hesitation on a potential customer's part about investing capital into such a system, the No. 1 point of contention is invariable: security. If it's outside your firewall, logic says, it's out of your control. God knows what can happen to precious business data in the care of someone else who doesn't care about it as much as you have to. Now there is something new to be considered. If a new startup, CloudPassage, is to be believed—and it indeed states a strong case—those security issues may soon be history.
read the full article >>
Security Emerges From the Cloud
By: Andrew Bond
Trends come and go quickly in the stock market, especially in the technology sector, where the hot money is always looking for the next big thing, but the buzzword for 2010 was most definitely the cloud. It was a year when Marc Benioff's salesforce.com continued to emerge as a leader in the cloud, and investors took notice as shares in the company's stock increased by more than 80%. Other companies such as VMware also made huge advances this year as the cloud business continued to grow. Even Microsoft gave cloud computing the old Mr. Softy try with its advertising campaign that would have you believe it was a cloud computing leader if you didn't know any better.
read the full article >>
6 Security 'Must Haves' For Cloud Computing
By: David Roe
Over the past few months, we've identified a considerable amount of research by both vendors and independent researchers that indicates many companies in the enterprise and SMB spaces are looking at cloud computing to cover their IT needs. The research also shows however, that security concerns are holding them back.
read the full article >>
Cloud Consortium Releases Security Compliance Tools
By: Mathew Schwartz
The Cloud Security Alliance (CSA) on Wednesday announced the release of a new governance, risk management, and compliance stack for cloud computing. The suite of cloud security tools, available for free download, is meant to help organizations create public and private clouds that comply with industry standards for accepted governance, risk, and compliance (GRC) best practices.
read the full article >>
White House Proposes Cloud Security Standards
By: Mel Duvall
"The Obama administration is looking to take some of the risk out of cloud computing by proposing a set of standard security requirements that would apply to all federal agencies and contractors."
read the full article >>