A new security architecture for the cloud

Members of the Open Group's Security for the Cloud and SOA Project have launched a new security architecture for the cloud, to help security organizations better understand the unique security aspects of cloud computing.

The group has published a guide called "An Architectural View of Security for Cloud," the first in a forthcoming series on security that will cover multiple areas beyond the cloud. Together, the guide and architecture are designed to help IT and security executives gain a more comprehensive view of complex cloud infrastructures and as a result make more informed decisions regarding the risks and opportunities.

Also see: "The cloud security survival guide"

The group's intent is to produce "a set of whitepapers which will examine each of our architectural building blocks in greater detail through the use of business scenarios," says Omkhar Arasaratnam, a certified senior security architect at IBM and co-chairman of the Open Group's Cloud Work Group Steering Committee.

"The reality is that security in the cloud is not black or white, but really many shades of gray," Arasaratnam says. "IT and security executives need to understand the impact which these shades of gray have on their overall risk posture, and take appropriate mitigating steps."

The work the group is doing compliments what the Cloud Security Alliance (CSA) has been working on with regard to cloud security, Arasaratnam says. "The Cloud Security Alliance has published a number of excellent documents regarding various aspects of securing cloud computing," he says. "We fully agree with many of them, in fact in our recent white paper we even cite some of their latest thinking regarding identity and access management."

The group's work is more focused on the architectural concerns of cloud security, Arasaratnam says, "where we find that the CSA work mainly [focuses] on technical controls such as device settings. Consideration of both are required to [secure] your cloud."

CSA agrees that the work is complimentary. "The Open Group's policy-based cloud security architecture white paper effectively leverages and aligns with CSA identity management principles for the cloud," says Subra Kumaraswamy, co-chairman of the Identity and Access Management, Encryption & Key Management working group at the CSA.

"It is articulating the key security issues in the cloud: identity, entitlement and access management in the cloud," Kumaraswamy says. "CSA's current effort in the area of identity reference architecture will address all aspects of identity and access lifecycle including provisioning, authentication, authorization, federation and auditing and will be complementary to the Open Group's efforts."

The Security for the Cloud and SOA Project will host an "architectural decisions rodeo" at the Open Group Conference in Austin, Texas, July 18-22, to discuss key architectural decisions regarding cloud security.

Read more about cloud security in CSOonline's Cloud Security section.

Join the CSO newsletter!

Error: Please check your email address.

Tags applicationsIBMThe Open Group's Security for the Cloud and SOA Projectcloud security architectureData Protection | Cloud Securitycloud securitycloud security alliancesoftwareOpen Groupdata protection

More about CSAIBM AustraliaIBM AustraliaOpen Group

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Bob Violino

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts