Re: Cloud Questions

[Jeffrey Walton <noloader () gmail com>]

On Fri, Nov 8, 2013 at 9:08 AM, David Miller <dmiller () metheus org> wrote:
> ...
> I don’t think I’ve seen a single post about cloud security.
>
> Is ‘the cloud’, AWS in particular, believed to be secure?  Is it simply not targeted?
Stallman has a term for it: Careless Computing.
http://techcrunch.com/2010/12/14/stallman-cloud-computing-careless-computing/.

> Or would it be covered by some other list?  Inquiring minds are, uh, inquiring.
The only list I've seen so far is OpenStack's security list.
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security.

From what I've seen, cloud security seems to have three broad tracks
(in addition to all the secure coding and HTML app stuff). First is
low-level security that acts on block devices, like Amazon's CloudHSM
and other who focus on VM security. Second is high level security that
attempts to secure databases (table fields) and object stores (Amazon
S3 and OpenStack Swift), like CipherClod and Armor-Cloud. And third is
identity management, like the federated and single sign-on
integrations.

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/