Defining Best Practices in Cloud Computing
"While there are clearly benefits to investing in various cloud computing models, the lack of standards is concerning. Threats from data leakage to hypervisor attacks and unprotected APIs pose significant financial risk if not properly addressed. IOActive is excited to be part of the industry leading effort to define best practices for providing security assurance within Cloud Computing,"
—Josh Pennell, founder and President of IOActive
It is no surprise that the emergence of cloud computing and virtualization are creating a noticeable buzz across the IT space. As the market puts pressure on companies to increase productivity and decrease capital investments, solutions like distributed computing—that offer scalable systems with low overhead—are attractive options for management to consider. However, when you are responsible for the security of your network, the thought of migrating everything to an environment you don't actually own or control probably makes you cringe.
By now you've undoubtedly heard the mantra: "know where your data is, and know where your data is going." This concept is the cornerstone to data security, and plays a significant role in achieving and maintaining compliance with the Payment Card Industry Data Security Standards (PCI DSS). Most of the requirements hinge upon a merchant's ability to implement network access controls, and periodically test their effectiveness, which may be difficult to do in a cloud platform, where the underlying infrastructure is outsourced.
So how does a company leverage the benefits of cloud systems without jeopardizing security, or PCI compliance? The same way you would approach any new technology: by understanding the architecture, and selecting a platform that exposes you to the least amount of risk. As a founding member of the Cloud Security Alliance, IOActive can help your organization identify its existing risk and then map a course that provides the greatest security for your product or service by employing:
UPCOMING SPEAKING ENGAGEMENTS
RSA Europe
October 20, 1:30 pm. IOActive to present PCI Compliance in the Cloud: Analyzing Costs and Benefits
Secure World Seattle
October 28, 8:30–9:15 am. Ward Spangenberg to present PCI Compliance in the Cloud: Reality or White Fluff?
WEBCASTS
Compliance in the Cloud: Possibility or White Fluff?
October 13, 2009 | 60:00
This presentation will discuss cloud computing and the unique challenges it creates for organizations to achieve and maintain PCI compliance. While the popular new technology creates a new set of problems, Spangenburg will offer suggestions to capitalize on the benefits of cloud computing without sacrificing security or compliance.
Cloud Computing: It's not all fluffy and full of blue sky out there?
May 19, 2009 | 33:06
Ward Spangenberg will discuss the basics of cloud computing and the different cloud architectures including Software as a Service, Platform as a Service, and Infrastructure as a Service. While many companies are migrating to the cloud for its financial benefits, improved productivity, and greater flexibility, there are downsides—especially in regard to security, compliance, and data ownership. Following Spangenberg's evaluation of the benefits and challenges of cloud computing, he will offer advice for companies to leverage the benefits of cloud computing without jeopardizing security or compliance.
IOACTIVE IN THE NEWS
Articles and press releases discussing IOActive's activity around Cloud Computing.
- Josh Pennell to present at IDC's IT Security Conference
- IOActive's Ward Spangenberg to Present at Information Security Compliance and Risk Management Institute
- IOActive's Ward Spangenberg to Discuss Cloud Computing at CSA Federal Cloud Computing Symposium
FOR MORE INFORMATION
If you would like additional information or would like to speak with someone from IOActive about best practices in cloud computing, please contact us HERE.
