What Is Security for Cloud Computing?
“Security controls in cloud computing are, for the most part, no different than security controls in any IT environment. However, because of the cloud service models employed, the operational models, and the technologies used to enable cloud services, cloud computing may present different risks to an organization than traditional IT solutions.
Cloud computing is about gracefully losing control while maintaining accountability even if the operational responsibility falls upon one or more third parties.
One of the attractions of cloud computing is the cost efficiencies afforded by economies of scale, reuse, and standardization. To bring these efficiencies to bear, cloud providers have to provide services that are flexible enough to serve the largest customer base possible, maximizing their addressable market. Unfortunately, integrating security into these solutions is often perceived as making them more rigid.
This rigidity often manifests in the inability to gain parity in security control deployment in cloud environments compared to traditional IT. This stems mostly from the abstraction of infrastructure, and the lack of visibility and capability to integrate many familiar security controls — especially at the network layer”. [extract]
CSA Reference Model
Proofpoint – Security as a Service
CEO Gary Steele discusses how and why Proofpoint uses cloud-based technologies to deliver security and compliance solutions to its customers. Benefits of security-as-a-service solutions are cost, superior threat detection, prevention, and innovation.
Cloud Security Platform – CloudAccess
Enterprise security delivered from the cloud as a SECaaS (Security-as-a-Service) application. http://www.cloudaccess.com/ – CloudAccess eliminates risk for customers and delivers a cloud-based IT security platform that is easy to use, affordable and manageable.
TELCO Challenge – Cloud Security Services
Almost by definition, telecom operators are becoming cloud service providers, opening up new opportunities to become a trusted extension of corporate IT.
In this video, Jim Reavis, Executive Director of the Cloud Security Alliance, discusses the two-fold requirement for operators to best secure their own networks while leveraging this infrastructure for outsourced IT services.
Nick Kael, Principal Security Strategist at Symantec, discusses the telco challenges of multi-tenant cloud security. Four design principles for cloud security are presented.
So Security as a Service (SECaaS) is the set of security service capabilities that are typically provided by a third party using the SaaS (software as a service) model.
At a hardware level the local / global network providers (Telcos) have deep expertise in all types of security offerings for Traditional IT and Cloud IaaS and PaaS.
The Cloud Security Alliance is a trusted source of research that will enable you to evaluate and procure next generation Security as a Service(s).
You can procure a managed cloud security service but it is important to understand that the Security as a Service broker sits between the Customer and the Cloud Service Provider. Cloud Security is a shared responsibility but you can’t handover accountability for risk management and information assurance.