Saturday, September 19, 2009

Policy Enforcement Clouds

Cloud security is not an insurmountable challenge if you start from the premise that trust must be earned and verified, even internally, and then take full responsibility for building out the security infrastructure required to support your business requirements and to comply with regulatory constraints. Let's start by considering the concept of a Policy Enforcement Cloud (PEC): one that is elastic in nature and, while loosely coupled from the application code, is still able to deeply enforce fine-grained authorization decisions both at the edge and inside the containers, across the distributed, hybrid, heterogeneous clouds where the data and business logic exist.

As you can see in the article on Cloud Computing Best Practices (http://soa.sys-con.com/node/1103814), when the discussion of secure cloud integration comes up, the risk seems to exceed the rewards, because the conversation often stalls once people realize that a VPN is only one small part of the integration problem. We all need to look deeper into cloud security.