If you’ve been keeping up with the smart cloud folks, you probably won’t find anything exciting here- but below are some good general resources.
Properly deployed for appropriate purposes, cloud computing can be fantastic. I have moved most of my lab systems to a cloud environment and it has provided a huge improvement in my ability to test systems and deliver demonstrations. My employer uses cloud systems to deliver content and services for partners and customers more effectively that we could with internal resources. But, cloud computing is not for everyone, or for everything. You just need to research, plan, and migrate wisely.
There are a handful of very good cloud computing security documents out there, here are ones I recommend (some are pretty big PDFs):
Start with the NIST definitions doc, it was only two pages, but has been bloated to seven without adding value. Just read the last two pages, ignore the rest. It is not “security specific”, but is sets a common terminology for the rest:
http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdfMy new favorite cloud security reference is from the Australian Defence (yeah, they spell it funny over there) Signals Directorate; their Cloud Computing Security Considerations is great resource, and a great conversation starter for those considering a move to cloud computing. (It is 19 pages and an easy read, too). If you read only one, read this. And share it.
http://www.dsd.gov.au/publications/Cloud_Computing_Security_Considerations.pdfFor more meaty discussions of cloud security, it is hard to beat the documents recommended for those preparing to take the Cloud Security Alliance CCSK (Certificate of Cloud Computing Knowledge) exam:
CSA’s own “Security Guidance for Critical Areas of Focus in Cloud Computing V2.1” is not a light read, and is enterprise focused, but has a lot of good information.Speaking of CCSK, it is an interesting certification. I’ve recently passed the exam, and heartily recommend the study material- but the certification is probably of limited value to most people until “cloud” is better understood. As you would expect, CSA has an enormous amount of information on their site, covering a myriad of cloud concepts.
The other study document is the ENISA “Cloud Computing Risk Assessment”. It is also not a quick read, but has more small- to mid-sized business focus (reflecting its European origin).
A couple more references for those of you who want a broader understanding:
NIST also has a “Cloud Computing Reference Architecture” which needs some help in the area of readability, but is a good resource, especially for the discussion of cloud computing roles.This is by no means a complete, or even exhaustive list (although I do feel somewhat exhausted); it is just a pile of stuff that I hope will be helpful to those considering a move to cloud computing (or to those already in the clouds, but afraid of heights).
OpenCrowd’s Cloud Taxonomy is useful for help in categorizing cloud products and services and for understanding the categories.
Jack
