Yesterday I participated in the first of two Business Software Alliance Cyber Security Forums taking place in April. This one was held in Brussels, Belgium and was the EU's third annual Cyber Security Awareness Day. Government officials from across Europe attended.
One of the hottest topics of the day was cloud security, and that was what my panel discussion focused on - Securing Cloud Identity and Infrastructure. This is a key focus for CA as we extend our enterprise identity and access management technologies to support cloud platforms.
Trust is one of the biggest factors when it comes to cloud security. It encompasses everything from choosing a trusted cloud provider to establishing trust that you are who you say you are.
I could go on and discuss this issue for page after blog page, but for brevity's sake, here are a few key thoughts about trust and cloud security. You also can find a few slides from the conference here.
How to choose a provider? This is a key challenge and there are multiple things to consider here - everything from the provider's security posture to where the data is stored. A cloud provider review or "consumer report" for cloud would help.
Embrace and Enable - The business needs will win out and cloud applications and infrastructure will be adopted. To ensure that security is not an afterthought, security professionals should embrace the cloud and enable the organization to securely use the cloud.
Identities are critical - On-premises rules for identity management carry over to the cloud and potentially become even more critical depending on the cloud environment.
- User ID and Password are not enough
- Strong authentication is needed
- Claims-based identity models could help, such as InfoCards, OpenID, etc.
- Federation is a must to simplify and secure
- Auditing and tracking - Proving compliance doesn't go away because you're using the cloud - it becomes more complex.
I'm interested in others' thoughts on trust and the cloud. Comments welcome on this blog, or if you're in Washington, D.C., on April 29 at the BSA Cyber Security Forum, we could catch up there.