RSA recently published a white paper entitled The role of Security in Trustworthy Cloud Computing. The document is extremely interesting.
It presents the different security challenges that enterprise will face when switching to public or even private cloud computing. With cloud computing, IT departments will loose control. This loss of control needs to be balanced by more trust and confidence in external providers (cloud infrastructure provider such as Amazon’s E2C, service provider in case of SaaS…).
For instance, the document some requirements for secure data
It will require
* Data isolation
* More granular data security
* Consistent data security
* Effective data classification
* Information Rights Management
* Governance and Compliance
We could argue that all these requirements already exist in the non cloud world. Nevertheless, they become MANDATORY in cloud computing! They will be more complex to implement and to monitor.
The document seems to lack one important threat. The insider threat was already a member of the cloud provider who illegally access private data. I believe there is another threat, another user of the cloud that attempts to access your data if isolation is not perfect.
There is already a rush towards cloud computing. But clearly, security of cloud computing is not yet mature. There is no integrated secure available solution.