

"While there are clearly benefits to investing in various cloud computing models, the lack of standards is concerning. Threats from data leakage to hypervisor attacks and unprotected APIs pose significant financial risk if not properly addressed. IOActive is excited to be part of the industry-leading effort to define best practices for providing security assurance within Cloud Computing,"
—Josh Pennell, founder and President of IOActive
It is no surprise that the emergence of cloud computing and virtualization is creating a noticeable buzz across the IT space. As the market puts pressure on companies to increase productivity and decrease capital investments, solutions like distributed computing, which offer scalable systems with low overhead, are attractive options for management to consider. However, when you are responsible for the security of your network, the thought of migrating everything to an environment you don't actually own or control probably makes you cringe.
By now you've undoubtedly heard the mantra: "know where your data is, and know where your data is going." This concept is the cornerstone of data security, and plays a significant role in achieving and maintaining compliance with the Payment Card Industry Data Security Standard (PCI DSS). Most of the requirements hinge upon a merchant's ability to implement network access controls and periodically test their effectiveness, which may be difficult to do in a cloud platform, where the underlying infrastructure is outsourced.
So how does a company leverage the benefits of cloud systems without jeopardizing security or PCI compliance? The same way you would approach any new technology: by understanding the architecture, and selecting a platform that exposes you to the least amount of risk. As a founding member of the Cloud Security Alliance, IOActive can help your organization identify its existing risk and then map a course that provides the greatest security for your product or service by employing: