Forrester analyst Chenxi Wang recently released a ereport titled “How Secure is Your Cloud?” This report seeks to highlight the increased risk that IT departments face when considering cloud infrastructures for their applications.
“Cloud computing decouples data from infrastructure and obscures low-level operational details, such as where your data is and how it’s replicated,” Wang writes. “Multi-tenancy, while it is rarely used in traditional IT outsourcing, is almost a given in cloud computing services. These differences give rise to a unique set of security and privacy issues that not only impact your risk management practices, but have also stimulated a fresh evaluation of legal issues in areas such as compliance, auditing, and eDiscovery.”
It seems that one of the core issues they have is with multi-tenancy. Done correctly, a multi-tenant architecture is very secure. However, given the black-box nature of most cloud/SaaS/PaaS environments, it’s hard to evaluate if the proper security controls are in place.
Perhaps this is where initiatives such as the Cloud Security Alliance could be very useful to IT groups sorting through their risks and opportunities in the cloud.