Cloud Security - A New Approach to Risk Management
The advent of cloud computing has caused security professionals to revisit their risk assessment profiles. There is more risk, this is clear, and therefore there needs to be a closer evaluation of which risks are acceptable and which are not. That;s one difference caused by the cloud.
But it runs a lot deeper than that. Cloud computing means that the enterprises are outsourcing the basic infrastructure to an outside party, therefore they no longer control the infrastructure. Many of the traditional security measures focus on the infrastructure. Also, the ability of the user enterprise to test the system is often limited.
This new environment means that there must be more attention paid to the applications being used. Which in turn means the security professionals need to have a greater understanding of their business and how those needs translate into applications deployment.
This is a challenging arena, and many of the answers are being worked out. Recently, at the RSA Conference in San Francisco, a panel addressed these issues. A transcript and podcast of the discussion can be found on this website.