Providing Security for Software Systems in the Cloud
Most cloud security discussions have focused on what cloud providers can do, what they can't do and what they might do if you pay them enough. These discussions focus on topics such as virtualization, hosting and data storage. However, just as the software industry has learned that putting fancy boxes on the network doesn't fix bad software, cloud converts must focus on the risks they bring along with the software they deploy.
This white paper reviews:
- How to deal with risk in the cloud;
- Why choices around authentication and access control, encryption algorithms and policies around private data must be revisited;
- An approach for assessing a software system's readiness to be deployed in the cloud.