Encryption Is Cloud Computing Security Savior

Posted by Alexander Wolfe on November 19, 2009

I'm beginning to think that fears about cloud security are overblown. The reason: an intellectual framework is already in place for protecting data, applications and connections. It's called encryption. What's evolving now, and isn't anywhere near fully baked, is a set of agreed-upon implementations and best practices. Today's post talks about some relevant and interesting work from Trend Micro and from IBM.

Along with the leadership we're seeing from Trend Micro and IBM, it's only fair to add that most of the security vendors and cloud-service providers themselves are researching this stuff. (I'll cover those efforts in future posts.) One impediment in writing about cloud security is that people tend to be closed-mouth, because of the seriousness of security,  as per the old phrase: "If I tell you, then I'd have to kill you."

From my perspective, as I've started blogging about cloud security -- see "Cloud Security In Focus Amid Data Theft Fears" -- I've begun to see up close this reluctance of experts to provide deep data dumps. (A corollary is that those who don't know tend to be voluble.)

Quite apart from the fact that chatter is antithetical to the security and intelligence-community ethos (not always, though), there's so much disparate activity it's hard to get a holistic understanding of where things are headed. Thus, my funneling everything into the encryption bucket is an attempt to summarize and make some sense of where the nexus of activity lies.

So, while I've been hoping to pull together comprehensive posts,  I can see what I'm going to have to do is offer up incomplete bits and pieces, blogging about this stuff as I get wind of it. Accordingly, here are three interesting, albeit very loosely connected, items: