On Wednesday, August 1, DC ACM hosted the presentation, “Cloud Computing: Where Are We on Security?” given by Dr. Harry J. Foxwell, an Adjunct Professor in the Computer Science Department at George Mason University, and Principal Consultant for Oracle Corporation. During the presentation, held at Radio Free Asia in Washington, DC, Foxwell covered a number of the security concerns that should be considered before implementing, while administering, and before decommissioning a cloud or cloud component.
He began by defining a cloud using the definition provided by the National Institutes of Standards and Technology (click here for details). Foxwell then outlined the security risks involved with implementing a cloud solution and procedures to handle these risks. According to Foxwell, many of the challenges that exist for a distributed system also exist for a cloud such as security governance, auditing and compliance, and access management.
However, unlike distributed systems, clouds introduce concerns associated with the handling of decoupled resources and the sanitization and the validation of resources. To reduce the risks presented by cloud implementations, Foxwell suggested compartmentalizing cloud resources, attempting to encrypt and validate all data, and monitoring and logging all VM activity, among other security measures.
While some security risks can be circumvented, according to Foxwell, others have yet to be resolved, including how to handle resource cleanup as data can remain in hardware cache, and how to quickly and intently respond to an event in the cloud. Lastly, Foxwell recommended Securing the Cloud By Vic Winkler as further reading.
Given how everything seems to find its way to the cloud these days, this presentation was topical and illuminating, but also concerning. Among all of the cloud implementations that exist, you have to imagine that at least a few are just distributed systems that, as Foxwell put it, have been “cloudified” (transferred to a cloud without much forethought).
The slides from Foxwell’s presentation are available to members of the DC ACM meetup group.