How structured evals allay fears about cloud computing security risks

Expert John Overbaugh shares his methodology for assessing cloud computing security risks and the responsibilities of cloud providers and users.

Enterprises can't evaluate cloud application security provisions by the same yardstick used for their on-premises security capabilities, according to software security expert John Overbaugh. The goals of both cloud and on-premises software and infrastructure are the same, and both largely concern protecting data and systems from getting into the wrong hands. However, there are profound differences in how each one reaches the goals.

Vague worries about cloud computing security risks are keeping too many companies from gaining the benefits of the technology, and those concerns could be allayed by organized assessments, says Overbaugh, Caliber Security Partners' managing director of security services. Recent 2014 surveys by RightScale and Intermap back this assertion, showing that companies using cloud services have insignificant fears about security, while nonusers ranked their anxiety levels at 31% and 40%, respectively.

Take a structured approach to conversations about which controls are in the cloud, and which aren't, Overbaugh says. He describes the steps in his methodology for assessing cloud computing security risks and the responsibilities of cloud provider and enterprise cloud users in this SearchCloudApps.com series of podcasts. In this installment, he explains why enterprise architects have to think outside the box when evaluating cloud computing security risks, and outlines his framework for assessing security and robustness.

Cloud assessment methodology

Overbaugh's cloud security assessment methodology includes in-depth evaluation of six core areas: context, data access, data transit, data storage, app environment and security controls. In this podcast series, he offers in-depth advice on each step in every area.

Jan Stafford plans and oversees strategy and operations for TechTarget's Application Development Media Group. She has covered the computer industry for the last 20-plus years, writing about everything from personal computers to operating systems to server virtualization to application development.

This was first published in May 2014
