back to article Locking up the cloud

A Cloud Security Alliance has popped up and will show itself at an RSA security conference on April 21. The non-profit CSA says it's formed itself to "promote the use of best practices for providing security assurance within Cloud Computing", and to show users how to use cloud computing "to help secure all other forms of …


This topic is closed for new posts.
Anonymous Coward


Nobody should be putting anything sensitive in the cloud unless it is fully encrypted...everything I store for my customers, users, and staff is fully encrypted, additionally they know where it sits and that it is safe.

Silver badge
Paris Hilton

Re Encryption


It is naive and misleading to think and to tout that even with encryption is there a cast-iron guarantee that information/sensitive data is safe, anywhere .... for it was/is widely believed that money is safe in a bank and look how misguided that turned out to be. However, as safe as safe can be is a valid enough claim to offer but certainly anything more would be just wishful thinking.

What of course, is the Major Establishment Global Worry, is Anything Sensitive going into the Cloud which is not encrypted, thus becoming General Secret Knowledge, and which would alter the Balance of Power beyond Present Controls, although that is normally something which can be Resolved Immediately with a Massive Injection of Flash Cash to Source Kernels, at least Commensurate and Proportional to the Risk Involved and/or Likely Damage to be Caused by any such Sharing of Knowledge, which would then be most Definitely Used to Ensure Adequate and Overwhelming Protection against any Possible Likelihood of Damage being Done or Able to be Done at any other Date by any other Third Party with such Sensitive Information.

And to dither and dally in such Situations is to Guarantee Failure rather than Paying up the Ante to where it is Needed and Ensuring Future Success...... for the Information is out there already, embedded in Systems and when you go looking for it, countering it when it then surfaces would be virtually impossible ..... unless it is has Adequate and Overwhelming Protection.

But hey, it's only money needed to ensure such Specialised Security Services for CyberIntelAIgent Cloud Strata and Virtual AIMachinery. And it is not as if it going anywhere strange, is it?

I wonder if Paris does anything strange .... or whether she just like any other normal person?

Anonymous Coward

You don't develop best practice

it forms over time, and it has to be argued out to the nth degree. There is no gut feeling or emotion in best practice, there is just cold, hard, accurate fact.

And herein lies the problem, if this tries to get developed in it will just fall into the trap of the most convenient, and in the end will work against itself.

Just looking at the comment above, where someone is trying to hold onto something dear without thinking it through. Sure encrypt, first question is what with, and then the second where is the decryption and the encryption occurring?

Encryption is designed generally to only secure for a time period, and if the plain is a known that can reduce the time period further.

Encryption is not a panacea but you will see people thinking it is, and thinking that for something to be secure in best practice they should encrypt without fully thinking the process through, there is probably a lot more that needs to be done before you even get to encryption.

Best practices will not use the cloud for anything you wish to keep secure, that is my guess. And I would also argue that something completely devoid of encryption where its existence is not known by more than one, is more secure than something that is heavily encrypted on a system accessible to anyone in the world.

The Net was always designed to share information, not to keep secrets.

This topic is closed for new posts.


Biting the hand that feeds IT © 1998–2018