When it comes to the secure hybrid cloud, Identity has many different definitions from a device a user is using to the combination device, location, password, and other multi-factor authentication means. Even with all the technology there is still the question of where the identity store lives (the bits that contain the identity for all users, devices, etc.) as well as how do you prove identity once the user goes somewhere within the cloud which is outside your control?
I have written about the Public Cloud Reality and the need to bring your own security, monitoring, support. This was reinforced by Dave Asprey of Trend Micro at the last Cloud Security Alliance Summit held at this years RSA Conference. The gist of Dave Asprey’s talk was that YOU are responsible for the security of your data, not the cloud service provider.
On the 6/2 Virtualization Security Podcast, Rich Mogull, an analyst for Securosis, joined us to discuss his work with the Cloud Security Alliance (CSA) to develop the two day course called the Certificate of Cloud Security Knowledge (CCSK). While this course is not about learning all the intricacies of cloud security it is about providing a level set of knowledge required to even begin to talk about cloud security.
Last month Verizon expanded its Computing as a Service (CaaS) cloud computing offering. The expansion itself is not surprising. The interesting tidbit is that Verizon has Carrier Status and therefore different laws apply to them than any other cloud provider that does not have this status, such as Amazon EC2, Terramark, etc. Will cloud computing providers be the next internet service provider? If so will they have to battle to not be responsible for the content within their clouds, as did internet service providers with the battle that ensued over the Communications Decency Act?