I was reading an article by Larry Walsh over at Channel Insider earlier today. It is called “A Certificate to Prove You Are Cloud Worthy”. I think it should be a certificate to prove you are cloud savvy, but that is another story. In any event, the CSA is going to start offering a Certificate of Cloud Security Knowledge. Hey, why not? The security industry certainly does not suffer from any shortage of different certificates to attest to your knowledge or thirst for certificates. Why not add one more to the list? BTW, if you are interested, you can download the materials to prepare for the test from the CSA site, and they are offering a 100 dollar discount between now and the end of the year.
Perhaps more importantly, though, this got me thinking again about cloud security. For the last 8 or 9 years I have heard the security industry say we need “security baked in, not bolted on”. Even here at Alert Logic, the SaaS security solutions monitor your cloud infrastructure for alerts and compliance. Almost by definition, that is bolted-on security. And it is not Alert Logic alone on this. Our entire security industry is based on the same paradigm.
With the cloud we have a chance to change the rules. Security can be baked in. We are seeing it with some of our cloud provider partners, baking the Alert Logic SaaS solutions right into the stack. This baked-in security by design can be a game changer.
In my last two articles I wrote about Google Apps and security concerns. None of those security concerns dealt with the ability to detect attacks, vulnerabilities or monitor logs and such. They dealt with secure architecture. The cloud does offer some twists and wrinkles different than an enterprise. Data is on a shared platform. Access to that data could be by users who are not your employees.
The cloud needs security architects. Not the people who architect where a firewall goes or how to route traffic, but how to design secure infrastructure. This is a huge need and if I were getting into security today, it is something I would want to be in.
I would love to see the CSA offer a course and certification in designing secure cloud infrastructure. How about it?

1 comment:
According to cloud security experts, after-market, or bolted-on security approaches were acceptable years ago, but are now ineffective. There are different ways to ensure security in the cloud, depending on the level of responsibility the service provider should take, versus the initiative of the customer.
At the ccskguide.org, we take a look at the security issues around cloud computing and help prepare candidates for the CCSK Cloud Security Certification. Check out our blog post which compares different approaches to security in the cloud: http://ccskguide.org/2011/03/cloud-security-baked…