As most of you well know, I was looking for information and opinions on Cloud Security over the last year. I found a lot of papers, but when I talk to our customers I realize that they think about the Cloud but Cloud Security is mainly something for the specialists – which it is not for me. Therefore, I was looking into preparing something on a management level that is easy to read and understand and finally makes it more appetizing to look deeper into the subject.
Probably the biggest challenge we had was to make sure that we do not oversimplify. Finally, we did not want to re-invent the wheel. There is very good material out there (e.g., from the Cloud Security Alliance and ENISA), which I would rather reference than do something similar.
At the end we came up with two new papers. One is written by our Trustworthy Computing organization and is a high-level overview of the Cloud and the corresponding security opportunities and challenges. You can find it here: Security in Cloud Computing Overview.
Additionally Doug Cavit – a Principal Security Strategist at Microsoft – and me were working on core considerations you have to make when you include the Cloud into you IT strategy. The paper is located here: Cloud Computing Security Considerations. This is the paper I would like to get your feedback on. Please keep the target audience in mind. In other words, if you give this paper to your CIO or even your CEO, if you would give it to a government elite in your country or a journalist – what is your view on it? What are you missing? What is good?
To set your expectations: I will answer all mails with constructive feedback, but as I am heavily on the road over the next few months, give me a little bit more than 24 hours (which I try to have normally) – but I will come back to you, promised! If you think that a call might be more accurate as you have so much to say, we might be able to do that – depending on the number of requests. What I cannot promise is that we will include all the feedback into a next version – if a next version is needed. My experience shows that feedback is sometimes contradicting to each other and sometimes I will disagree – and we might to have to sort that out.
So, you are definitely free to use the documents and if you would even be willing to take the time to give us feedback, I would highly appreciate. My mail is roger.halbheer@microsoft.com – looking forward to a lot of mails!
Roger