Of late, I am working on the cloud security mechanisms from multiple vantage points:
- Cloud Security mechanics for the provider interface between a Cloud Service Provider and a Cloud Service Consumer (including various brokers)
- Protocols, elements et al as part of the DMTF Cloud Incubator wg. Our white paper will explain a little further on the architectures
- Embedding Cloud Security in the network, leveraging various network capabilities – available now and in the future
- Cloud Analytics for compliance reporting and forensics
- And finally, a comprehensive view of Cloud Security
- On this front, I did a guest lecture [Is Secure Clouds An oxymoron?] at the Naval Postgraduate School, Monterey
- My aim was to facilitate and provoke discussions than suggest any solutions – the deep discussions will come later …
- The room was full, excellent audience, lots of participation and some very good questions …
I will write more on this topic, especially #1. There is good amount of work happening in the Cloud Service Provider <-> Cloud Service Consumer front …
And we are starting to prototype the Cloud OS/APIs with extended semantics (including interface into our own UCS compute and policy plane) in our Cloud Concept lab (in Ruby!).
I believe that Cloud Security would be more robust if we can interface *natively* from the Cloud OS layer, with the network, compute and storage control/management/policy planes …
Cheers
<k/>
