There is a talk that I've given a few times with very good response - "How
Cloud Computing -Improves- Security". We go into detail on all the areas
where cloud providers have (or should have) gone the extra mile relative to
the datacenter a customer runs in-house, and how with a solid partnership
with your provider - a cloud can be more secure than what you have in-house.
One of the things we discuss during that talk is how users of cloud need to
be prepared to spend more on security and compliance to get the level of
comfort and risk management they are used to.
The number I like to use is 15% - that for each dollar you save by making a
move to cloud computing, you should invest 15 cents to improve security and
increase compliance efforts. The top areas of focus for most should be
application security and real-time monitoring efforts. The security levels
tha...

This is a living blog post where you will find pointers to cloud security
resources that I find valuable. Reference material, standards efforts,
articles, blogs, tweets… whatever I think might help someone else will get
shared here. Essentially, a place where I can (eventually) point people
interested in learning something about cloud security. For now, you’ll
get a few random links off the top of my head.
Cloud Computing on Alltop – not a cloud-security-specific site, but a
fantastic collection of the top cloud computing blogs and news all in one
place
Cloud Security Allianc...

For years companies that had to store or process data about EU citizens only
wanted to do it inside the EU. In some countries like Germany, the laws can
be even tighter and hard to understand, so companies kept their data inside
the “Bundesrepublik” to avoid any issues.
The “Safe Harbor” program for data management gains popularity
One of the developments in inter-continental data management that is not new
but is gaining popularity with the rise of cloud computing is “Safe
Harbor”, a program developed by the US State Department in cooperation with
the European Union. Essentially...

Let’s say, hypothetically, that you are considering building a cloud-based
service and had come to that fork in the road where you had to think about
how to authenticate users to your APIs.
As I was thinking about that problem, it struck me that potentially you could
use the new(ish) identity and access management services from AWS. Create
users, set groups and permissions, authenticate them against IAM as an
identity provider of sorts. Of course, when I read the FAQ, where it asked
if you can use it on 3rd party apps, the answer was “not yet”.
But I think you can, today.
Step...

Cloud isn’t secure because it is multi-tenant. This is a weak argument
that I’m tired of hearing.
Here’s my short and sweet rebuttal to that position.
>> Your internal data centers are multi-tenant today, and you aren’t
managing them as well as a public cloud is managed.
I can hear you going “Huh?”.
Yeah. Unless you are a three letter agency or one of a handful of super
paranoid (or regulated) commercial organizations, your data center is
multi-tenant today. You have gaping holes opened so business partners can
come in and help you make money, employees coming in from ‘dirty’...