Doug on Cloud

Blog archive

Cloud Alliance Fights to Secure the Ether

The Cloud Security Alliance is a who's who of important cloud vendors, everyone from eBay to Citrix to Microsoft and VMware. The group, as its name indicates, exists to make cloud computing safer. And a safer cloud is one more customers will go for, which is the profit for this non-profit group.

The alliance has made a couple of recent moves. In one, it publicized guidelines for encrypting data-in-use.

Their main point is "it is critical that the customer, and not the cloud service provider, is responsible for the security and encryption protection controls necessary to meet their requirements," the group says.

One key area of data-in-use is e-mail, and here the group hopes customers can achieve the best of both worlds, to both encrypt that data but still be able to search and sort messages. The alliance "recommends encrypting data before it goes to the cloud and maintaining segregation of duties by keeping the encryption keys in the direct control of the customer, not the cloud provider."

Much of the guidance is based on alliance member Vaultive, which handles encryption three ways: "encryption of data-at-rest, data-in-transit and data-in-use -- as well as limiting access to the encryption keys exclusively to authorized users within the organization where the data originates, and trusted parties," the alliance reports.

The group also recently addressed mobile cloud security in a 60-page report. The report addresses three main areas: defining mobile computing in the context of cloud computing, the state of mobile and mobile threats, and then a detailed look at various categories of mobile (BYOD, app stores, etc.) and their security considerations.

"Besides preserving data security and managing a myriad of personal devices, companies must also consider a new set of legal and ethical issues that may arise when employees are using their own devices for work," says alliance member Cesare Garlati, co-chair of the CSA Mobile Working Group. Score all the deets here.

Posted by Doug Barney on 12/11/2012 at 12:47 PM


comments powered by Disqus

Virtualization Review

Sign up for our newsletter.

I agree to this site's Privacy Policy.