Tutorial:

Security issues in cloud computing

searchDataCenter.in

One of the major issues slowing cloud computing growth is security. No matter how many security management tools are released or assurances of reliability are made, complications with data privacy and data protection continue to plague the market. This primer on cloud computing security contains all our recent cloud security stories, and the information within ends up begging the question: Will things get worse or better for security in the cloud?

Amazon EC2 attack prompts customer support changes
The founder of Bitbucket.org, a Web site hosted on Amazon Web Services (AWS), says a lack of Quality of Service (QoS) on Amazon's internal network led to problems diagnosing the fallout of a distributed denial-of-service (DDOS) attack on his AWS instance.

Learning to let go: A cloud security primer with George Reese
The founder of a cloud management firm discusses cloud cartography, the senselessness of developing a private cloud and the emotional issues involved in losing control of security.

Security challenges with cloud computing services
If your cloud provider uses encryption, key management becomes an issue. If your cloud service doesn't provide role-based access control, concerns about user authorization may arise. Discussing these and other best practices on cloud computing security may stir companies toward more secure environments.

Virtualization vulnerabilities leave clouds insecure
A study from MIT and The University of California, San Diego indicates that the base infrastructures of cloud computing services, such as Amazon Web Services (AWS), suffer from virtualization vulnerabilities that could lead to exposed virtual machine locations and side-channel attacks.

Amazon adds onetime password token to entice the wary
Amazon Web Services and security vendor Gemalto are partnering on onetime password devices for individual AWS accounts. The devices, however, work best as part of a two-factor authentication system, in conjunction with advanced monitoring and governance tools.

Novell tool to secure data and workloads in the cloud
Rather than enter the cloud computing market with guns blazing, enterprise software maker Novell is producing annexation technology tools that will shelter the cloud within the data center during processing and provide added security.

Private Virtual Infrastructure proposed to address cloud security issues
Numerous ideas have been proposed to strength cloud security. One suggestion, presented by F. John Krautheim of the University of Maryland, Baltimore County, describes a virtual data center bound to a cloud infrastructure through security information and service-level agreements.

Trusted Cloud Computing Platform proposed to secure IaaS clouds
Maintaining security during data transfers is key for cloud computing providers, as information may be moving from a data center to a cloud and back again. The Max Planck Institute for Software Systems's plan for protecting this data is a Trusted Cloud Computing Platform to verify a user's virtual machine through a trusted virtual machine monitor and a trusted coordinator.

Researchers discuss virtual private clouds, coin CloudNet
The unlikely duo of the University of Massachusetts, Amherst and AT&T Research Labs has proposed CloudNet, a framework that joins virtual private networks (VPNs) and cloud services to form a seamless, well-coordinated resource management architecture.

Steve Cimino is the Assistant Editor at SearchCloudComputing.com. For more on this topic, check out our cloud security headquarters.

23 Oct 2009