
Security Strengths of Cloud Services

As the debate rages on the direction of 'cloud' computing - which is really just a 2.0 word for 'software-as-a-service' or SaaS - there are in my opinion a few security benefits which make cloud-based services a more secure option for some.

1.  Common platform.  Using a single service platform has the advantage that if a vulnerability exists in the service, it only takes one remedial fix.  This is unlike unique implementations of similar products at each customer, where vulnerabilities can go unnoticed, unpatched, and exploited for long periods of time.

This glass can also be half-empty, though: a single problem or weakness can affect all of the service's customers.  But if my own experiences with using common platform products (like my MacBook) are any indication, I would rather have a problem that all of the product's customers have and that will attract the required attention from a vendor at risk of losing them.

2.  Service agreements.  Mature formal service agreements, which are designed to effectively control the services being provided and outline the expectations of both provider and customer, are likely to be designed to be fair and open.  This results in communities of customers being able to influence the provider's terms.  This includes provisions for security, availability, auditability, etc.

3.  Focus on Information.  Many of cloud computing's opponents will argue that if there can be no inherent trust in a 3rd-party system, then how can there be any security afforded to the information itself.  I see this as quite the opposite - if trust cannot be clearly defined, then a conscious decision to keep sensitive data off the service can be made.  This contrasts with the current internal service model, where an organization's staff falsely promote the trust of insecure systems, and this results in data at risk without any knowledge of these risks.

4.  Extensions.  As FireGPG is evidence of, many innovators are equipping cloud service users with tools to use these services securely - or to build a layer of trust on top of them.  This builds on the previous point, in which the cloud can be explicitly defined as untrusted and used only for what it can provide to the secure or trusted layer, like transport and storage in the case of secured email.

5.  Buy the availability that you need.  Most services, including the inevitable Google Apps platform, provide easy-to-understand availability service levels.  GAPPS STATS.  While the previous strengths mostly focus on ensuring the confidentiality and integrity of information being manipulated, most cloud services are designed to be purchased depending on the amount of availability required.

The one reality is that the ever-connected nature of cloud services requires a supporting level of connection to that particular portion of the Internet.  As everyone knows, from time to time there are interruptions to these connections which no one can control - we are still using the same network that has evolved from simple connections between defense entities and educational institutions.

I would be very interested in other people's perceptions of the security/insecurity debate around cloud computing.  Here are a few examples a quick cloud search provides:

