At the moment I invest a lot of my time in a Whitepaper on Client and Cloud Security. There are a few fundamentals, which are already clear to me:
- You will not be able to run a trusted cloud ecosystem without a trusted client and trusted interactions. So, the End to End Trust model is needed in the cloud as well.
- A strong, federated identity metasystem is at the base of any cloud security
- Process transparency as an absolute need if you move to the cloud. If the provider tells you “you should not care about that, we take care of your security” – walk away from the deal.
This morning I read a blog post by Theresa Carlson. She is a Vice President in the Public Sector at Microsoft Us and blogged about Secure the Datacenter, Secure the Cloud. She raises the issue of process transparency as well and it is a post which is definitely worth readying.