Cloud Computing Adoption Comes Down To Trust and Openness
by Tek-Tips
The more we view the landscape in the weeks before the RSA Conference, the more we see a host of startling developments.
The latest example? According to the Wall Street Journal, it looks like the US electrical grids have been infiltrated - another dark reminder about what we face out there. That’s not all. Conficker is back in a new form. TrendLabs has this evening discovered a new variant of Downad/Conficker, called WORM_DOWNAD.E, spreading over the peer-to-peer functionality of the previous version of this now infamous worm.
It’s no wonder that a group of vendors are coming together to form a security alliance around cloud computing.
The trade group is called the Cloud Security Alliance. And it is launching at RSA. The group’s goal is to educate people about cloud computing security. A number of vendors are signing up to be members. They’ll be releasing a white paper at the conference.
But it’s always the users that have the real say in how a community grows. The vendors play a critical role. The good ones work with the users. They go out and do the hard work, developing standards, hammering out identity issues and authentication. They gain support by doing what needs to be done so the rest of the world gets it. They embrace openness so the entire community grows and diversifies.
We ran across this post on the IBM web site that sums up why the open way may be the best way of all.
What we find refreshing is that the author wrote this article eight years ago but the premise still rings true today. The article quotes Eric S. Raymond, author of the New Hacker’s Dictionary and “The Cathedral and the Bazaar.”
“The apparent paradox that openness about your methods leads to better security is not unique to computer software — military and diplomatic cryptographers have known for a century that it is folly to depend on the secrecy of your encoding method rather than the secrecy of your keys,” says Raymond.
According to Raymond and fellow open source supporters, open source is the only real option for secure operating systems. For one thing, closed source applications and operating systems can’t be examined and verified for secure coding. A revelation of previously secret code almost always leads to the discovery of additional flaws and security holes. In addition, closed proprietary code makes it difficult to distribute trustworthy fixes when a hole or mistake is revealed….
Remember this?
Just take the April 2000 event that had webmasters and systems administrators shaking in their shoes. After four years it was discovered that Microsoft programmers had inserted a back door in their popular FrontPage Web server software. It was the very fact that the software code was “concealed” in opaque binary form that kept this security breach unknown to the public for so long.
How will the Cloud Security Alliance prevent such abuse from happening? We hope they will take a cue from folks like Sam Johnston.
Johnston is leading an effort for the “Open Cloud.” Vendors who use the Open Cloud mark would be committed to an open framework. From his letter, which he published Monday on his blog:
Cloud computing users will soon be able to rest assured that offerings bearing the “Open Cloud” brand are indeed “open” in that critical freedoms (such as the right to access one’s own data in an open format via an open interface) are strongly protected. It will also ensure a level playing field for all vendors while keeping the barriers to enter the marketplace low. Offerings also bearing the “Open Source” mark will have additional freedoms relating to the use, modification and distribution of the underlying software itself.
Openness. Isn’t that the best way to build trust?
Tags: Cloud Computing, cloud computing alliance, open cloud, RSA, Security
This entry was posted on Wednesday, April 8th, 2009 at 12:38 PM and is filed under Community Manager.
Comments
-
In answer to your question, yes.
Sam
-
Hi:
Just to be clear, the Cloud Security Alliance is NOT in any shape or form a “trade group.”
The CSA is a not-for-profit organization that includes BOTH suppliers/vendors and consumers of Cloud Computing goods and services.
It is not a standards body. It is not a mouthpiece for vendors. It is not a lobbying organization and it is most certainly NOT a trade group.
To your point, what you said is exactly the reason we formed the CSA:
“But it’s always the users that have the real say in how a community grows. The vendors play a critical role. The good ones work with the users. They go out and do the hard work, developing standards, hammering out identity issues and authentication. They gain support by doing what needs to be done so the rest of the world gets it. They embrace openness so the entire community grows and diversifies.”
Well said.
I think it’s incredibly important to ensure this is well understood given recent events.
Regards,
Christofer Hoff
CSA Founding Member & Technical Advisor
-
The group is basically not for profit and more for education and awareness purposes.