Cloud Computing: Securing a Business Advantage in the Cloud
Over the last few months I've been working on a Point of VIew around secure cloud computing with Mary Ann Mezzapelle, chief technologist for Security Services for HP in the Office of the CTO, and my colleague from HP Enterprise Services. That effort has resulted in the following white paper:
Security and Cloud Services - Securing a business advantage
Simply, the usage of cloud services is seeing explosive growth, offering compelling, scalable, and elastic solutions in addition to benefits such as on demand, pay-per-use, and even resilience over existing Internet protocols. Because of this, vendors of all types are marketing a broad spectrum of products and solutions as “cloud services,” even relabeling their existing products with cloud terms. As a result, many organizations, and often individual business units, are jumping headlong into cloud computing, or—at the other extreme—trying to avoid it however possible. Because there is so much hype and confusion around the word and the concept, HP approaches cloud services as an opportunity to re-examine both business and IT strategies, with a focus more on desired outcomes and specific deliverables—for example, new compute capacities that adjust with business needs and offer countless ways to deliver.
The concept of cloud services aligns closely with the HP strategy and vision for our partners and clients of "Everything as a Service" (EaaS).
Many definitions exist for cloud, and most align with HP's, as well as extend the previous memes of Web 2.0 and distributed computing. In a nutshell, it is a means by which highly scalable, technology enabled services can be easily consumed over the Internet on an as-needed basis.
However, this definition, like most others, doesn't accommodate any requirement for proper or even minimal security, assuming perhaps that security is inherent. This is far from the reality. Although many cloud service providers incorporate security into their approaches, they rarely align their security solutions with traditional enterprise client security approaches for reasons of scale, flexibility, and cost.
Fundamentally, many clients and providers of cloud services achieve these obvious benefits at the expense of security - this may be a strategic choice taken with adequate risk analysis and consideration, but that is the rarer case.
HP believes that secure cloud computing will allow you to more rapidly evolve business strategy. By refining your security requirements, there is the opportunity to identify cloud services to enable business outcomes while maintaining your security posture.
This white paper details the approach and taxonomy that we think about when trying to consider cloud services and appropriate security to ensure you can gain a business advantage.
For more information you can check out HP's new "Secure the Cloud" site, which incorporates a FAQ, many links to related information, and other downloads.
Cloud Computing: Top 5 cloud computing security problems answered
The benefits of cloud computing are clear, but many businesses are still wary of the security implications. How can you be assured that your data is as safe in the cloud as it is in your own data center? What are the security pros and cons of public vs. private cloud? Are there security assurance certifications that you should ask of your service provider?
We've just finalized a set of informative write-ups, white papers, blog entries and tips for dealing with cloud security - public and private - HERE
To frame the requirements, we compiled an FAQ to help better understand cloud security. More than that, this site serves as a topical resource page, one you’ll want to bookmark as we plan to update it regularly. We’ve listed a myriad of links to white papers, blog posts, associations and other Web articles under each answer so you can research more information.
