[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAH8yC8mHn55t4Ois=KXEHY6aSGQBEGctZipCiaffQACXrwYUeg@mail.gmail.com>
Date: Sat, 9 Nov 2013 09:47:13 -0500
From: Jeffrey Walton <noloader@...il.com>
To: David Miller <dmiller@...heus.org>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Cloud Questions
On Fri, Nov 8, 2013 at 9:08 AM, David Miller <dmiller@...heus.org> wrote:
> ...
> I don’t think I’ve seen a single post about cloud security.
>
> Is ‘the cloud’, AWS in particular, believed to be secure? Is it simply not targeted?
>
Stallman has a term for it: Careless Computing.
http://techcrunch.com/2010/12/14/stallman-cloud-computing-careless-computing/.
> Or would it be covered by some other list? Inquiring minds are, uh, inquiring.
The only list I've seen so far is OpenStack's security list.
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security.
From what I've seen, cloud security seems to have three broad tracks
(in addition to all the secure coding and HTML app stuff). First is
low-level security that acts on block devices, like Amazon's CloudHSM
and other who focus on VM security. Second is high level security that
attempts to secure databases (table fields) and object stores (Amazon
S3 and OpenStack Swift), like CipherClod and Armor-Cloud. And third is
identity management, like the federated and single sign-on
integrations.
Jeff
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists