Cloud Security Alliance and Palo Alto Networks Release Security Considerations for Private vs. Public Clouds
Blog Article Published: 06/17/2015
By Larry Hughes, Research Analyst, Cloud Security Alliance Cloud computing has the potential to enhance collaboration, agility, scale and availability, and provides opportunities for cost reduction through optimized and efficient computing. The cloud trend presents a momentous opportunity to revisit not only how we think about computing, but also how we think about information security. The Cloud Security Alliance (CSA) recently teamed up with Palo Alto Networks to produce a new whitepaper titled, “Security Considerations for Private vs. Public Clouds.” For purposes of definition, a public cloud deployment occurs when a cloud’s entire infrastructure is owned, operated and physically housed by an independent Cloud Service Provider. A private cloud deployment consists of a cloud’s entire infrastructure (e.g., servers, storage, network) owned, operated and physically housed by the tenant business itself, generally managed by its own IT infrastructure organization. While the title of the paper implies a primary focus on security, we took the opportunity to expand the conversation and incorporate a wider set of considerations including:
- Business and legal topics, including contracts, service level agreements, roles and responsibilities, and compliance and auditing. We touch on the importance of establishing principal business and legal feasibility early on in the process, before investing too much in technical requirements.
- Physical and virtual attack surface considerations including a look at vulnerabilities that are accessible to would-be attackers.
- Operational issues, including data migration, change management, logging, monitoring and measuring and incident management and recovery and the roles they play in determining which cloud deployment makes the most sense for an organization.