Cloud SWAT teams

FREE

Become An Insider

Sign up now and get free access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content from the best tech brands on the Internet: CIO, CITEworld, CSO, Computerworld, InfoWorld, ITworld and Network World. Learn more.

These specialized incident-response units can swoop in when needed to help make the cloud more trustworthy.

Cloud computing poses unique security challenges for organizations, and multiple industry surveys have shown that security and privacy are among the key concerns of executives considering the cloud.

To address the challenges of securing the cloud, the Cloud Security Alliance (CSA), a not-for-profit organization made up of cloud vendors, user organizations and other key stakeholders, is developing the concept of cloud-specific "security incident-response teams" (CloudSIRT). Security executives and industry analysts say the initiative is a good move and should help bolster security in the cloud.

For many, the threat of security breaches is the biggest reason why they're reluctant to embrace cloud computing. IT and security executives still aren't convinced that service providers can adequately safeguard their data, particularly when it comes to using public cloud services for business transactions.

"Most incident-response teams are focused [on] more traditional, on-premises computing infrastructure belonging to enterprises, governments and education institutions, and the threats to them from malware, spam, DDoS attacks and hackers," says John Howie, who heads the CSA working group for the CloudSIRT initiative. He is also senior director of technical security services for the online services security and compliance team at Microsoft Global Foundation Services.

"With public and off-premises private cloud computing, organizations of all types no longer have computing infrastructure, or have a much reduced attack surface," Howie says. "Cloud providers are managing the computing infrastructure. Incident response now has to cross not just boundaries within an organization, but across organizations."

What's more, the concentration of information assets from multiple user organizations creates the real possibility that the consequences of security breaches in the cloud will be much more severe than those of traditional incidents.

Security experts say the CSA effort is a good step toward addressing cloud security.

"I'm positive on CSA and the CloudSIRT initiative, because appropriate forms of information sharing are very important in incident response and threat assessment," says Dan Blum, a security analyst at Gartner.

"The CSA has been an excellent focal point for the industry to collaborate on cloud computing security issues and has developed useful guidance," he says. "The CSA has also done well on coordinating with other organizations, such as standards bodies."

The company began using cloud computing in 2004, when it adopted Salesforce.com as its customer relationship management platform. The cloud is now a major part of its IT strategy.

Bart Falzarano, chief information security officer at Walz Group, a Temecula, Calif., provider of communications and compliance technology services, has set up an internal cloud incident-response team that monitors its private cloud and SaaS services. Team members include senior managers, infrastructure engineers and technical operations support personnel.

For those looking to form their own teams, Blum says it's best to include people from various parts of the organization.

To continue reading, please begin the free registration process or sign in to your Insider account by entering your email address:
FREE Computerworld Insider Guide: Five IT certifications that won’t break you
Join the discussion
Be the first to comment on this article. Our Commenting Policies