Review this video to get up to speed on the 5 elements of cloud security. Cloud security includes IT security as we know it, but will evolve to be more mature than that. In the video I elaborate on those 5 as they have evolved. Then I will talk about how cloud changes our approach to those five elements.
Here is a summary of the points in the video.
Historically, IT security started with infrastructure security. Just protecting the data center was good enough. But that was before we had data communications.
When data started to escape the confines of the data center we needed to protect it. Typically through encryption. Hence we need data security.
As the world wide web developed, we saw applications being exposed to it, and frankly, be vulnerable. So that is when application security started to become more important.
With the proliferation of applications, both within the enterprises and outside of it, keeping track of user access became more important too. That is when we start talking more about user security (or identity management).
Finally, as we are outsourcing to more and more individual software and cloud companies, we need to structure our oversight of those service relationships. That requires governance over contracts, SLAs, and more.
Cloud computing is having an impact on all of these five elements. Some are made easier, some increase in significance, some will change shape. Watch the video for more details.
If you want to dive deeper into these elements of cloud security, have a look at the CCSK Body of Knowledge.