Enterprises can't evaluate cloud application security provisions by the same yardstick used for their on-premises security capabilities, according to software security expert John Overbaugh. The goals of both cloud and on-premises software and infrastructure are the same, and both largely concern protecting data and systems from getting into the wrong hands. However, there are profound differences in how each one reaches the goals.
Vague worries about cloud computing security risks are keeping too many companies from gaining the benefits of the technology, concerns that could be allayed by organized assessments, says Overbaugh, Caliber Security Partners' managing director of security services. Recent 2014 surveys by RightScale and Intermap back this assertion, showing that companies using cloud services have insignificant fears about security, while nonusers ranked their anxiety levels at 31% and 40%, respectively.
Take a structured approach to conversations about which controls are in the cloud, and which aren't, Overbaugh says. He describes the steps in his methodology for assessing cloud computing security risks and the responsibilities of cloud provider and enterprise cloud users in this SearchCloudApps.com series of podcasts. In this installment, he explains why enterprise architects have to think outside the box when evaluating cloud computing security risks, and outlines his framework for assessing security and robustness.
Overbaugh's cloud security assessment methodology includes in-depth of evaluation of six core areas: context, data access, data transit, data storage, app environment and security controls. In this podcast series, he offers in-depth advice on each step in every area.
Jan Stafford plans and oversees strategy and operations for TechTarget's Application Development Media Group. She has covered the computer industry for the last 20-plus years, writing about everything from personal computers to operating systems to server virtualization to application development.