Fathoming the cloud
A final component of the Cloud Security Alliance is coordination. A number of other related security efforts are in place. The Trusted Cloud initiative, for example, specializes in Identity and Access Management. If you think you have too many passwords now, just wait until everything is a service. Governments and companies have also started creating cloud security groups. Without coordination, a whole lot of wheel reinvention will be going on, and, chances are, not all of the wheels will work.
The cloud is definitely not for everyone. A lot of technology forces are pushing and pulling against cloud computing: high-speed Internet, faster computers, and better software tools. The business side has the potential to reduce large expenditures in favor of smaller, but more frequent, costs. (Guess which one your manager will want to pick, even if it doesn't make technological sense?). As they say in Latin, Praemonitus praemunitus (forewarned is forearmed).
- Cloud Security Alliance: http://www.cloudsecurityalliance.org/
- Hype cycle: http://en.wikipedia.org/wiki/Hype_cycle
- Security Guidance for Critical Areas of Focus in Cloud Computing V2.1: http://www.cloudsecurityalliance.org/csaguide.pdf
- PCI Data Security Standards Documents: https://www.pcisecuritystandards.org/security_standards/documents.php
- Security Guidance – Portability and Interoperability: https://wiki.cloudsecurityalliance.org/guidance/index.php/Portability_and_Interoperability