[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Cloud Questions

To: David Miller <dmiller@xxxxxxxxxxx>
Subject: Re: [Full-disclosure] Cloud Questions
From: Jeffrey Walton <noloader@xxxxxxxxx>
Date: Sat, 9 Nov 2013 09:47:13 -0500

On Fri, Nov 8, 2013 at 9:08 AM, David Miller <dmiller@xxxxxxxxxxx> wrote:
> ...
> I don’t think I’ve seen a single post about cloud security.
>
> Is ‘the cloud’, AWS in particular, believed to be secure?  Is it simply not 
> targeted?
>
Stallman has a term for it: Careless Computing.
http://techcrunch.com/2010/12/14/stallman-cloud-computing-careless-computing/.

> Or would it be covered by some other list?  Inquiring minds are, uh, 
> inquiring.
The only list I've seen so far is OpenStack's security list.
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security.

From what I've seen, cloud security seems to have three broad tracks
(in addition to all the secure coding and HTML app stuff). First is
low-level security that acts on block devices, like Amazon's CloudHSM
and other who focus on VM security. Second is high level security that
attempts to secure databases (table fields) and object stores (Amazon
S3 and OpenStack Swift), like CipherClod and Armor-Cloud. And third is
identity management, like the federated and single sign-on
integrations.

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Cloud Questions
  - From: David Miller

Prev by Date: Re: [Full-disclosure] I'm new here, and I already have something to share
Next by Date: Re: [Full-disclosure] Cloud Questions
Previous by thread: [Full-disclosure] Cloud Questions
Next by thread: Re: [Full-disclosure] Cloud Questions
Index(es):
- Date
- Thread