Oceanic Technologies

Menu

Cloud Computing Security

Cloud Computing is one of the next significant stage in the Internet’s evolution, providing the means through which everything – from computing power to computing infrastructure, applications, business processes to personal collaboration – can be delivered to you as a service wherever and whenever you need.

The “cloud” in cloud computing can be defined as the set of hardware, networks, storage, services, and interfaces that combine to deliver aspects of computing as a service. Cloud service models are based on three categories; Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Services (SaaS).

Consumer Cloud Computing services has been well established ever since mainstream Internet. Well known examples are Webmail services and social networking platforms. However the adoption of Cloud Computing within the Enterprise sector has been slow. This slow uptake in Cloud services that promises so much has been primarily influenced by the numerous security risks, concerns and challenges posed within such an environment.

Governance, Risk and Compliance factors of Cloud Services need to be fully assessed by organizations to provide informed judgments. Data and Information lifecycle, source and origination, transfer, destination, validation and deletion all need to be understood. Transcoder data flow of sensitive information resulting in litigation have to be approved by legal team. Periodic right for 3rd party audit clause, frequent reporting mechanisms of security violations and a clearly defined service level agreement. With Cloud providers utilizing shared pool of resources, virtualization and isolation capabilities need to be questioned along with identity access control and management frameworks. Encryption key lifecycle of virtualized environments, portability of information if your organization decides to move to another Cloud provider are just some critical factors to consider.

  • Cloud Service Model adoption – SaaS, PaaS and IaaS
  • Cloud Computing Risk Management
  • Compliance and Audit Control in Cloud Computing environments
  • Information Lifecycle Management in the Cloud
  • Data Portability and Interoperability between Cloud providers
  • Virtualization and Multi-Tenancy environments
  • Application and Hypervisor Security
  • Encryption and Key Management
  • Identity and Access Management
  • Data Center operations and Disaster Recovery Planning

Virtualization Appliances for Multi-Tenant environments and offering Security as a Service on demand with rapid elasticity are some of Oceanic Technologies key specialized areas in the Cloud Computing Security domain.

Oceanic Technologies – “A Holistic Security Approach to Cloud Computing” whitepaper – an analysis and overview on some of the critical information security concepts and requirements before moving to the cloud. Cloud Computing Security Whitepaper as presented at I-SAFE 2011 ISACA UAE Chapter event