Last week I attended the ICCC in Paris where Ashit Vora, Manager, Security Assurance, Cisco discussed the Cloud and how Common Criteria can be used to help mitigate threats. The following is an excerpt from his presentation and food for thought on Cloud security.
More and more enterprises, including governments are moving their data “to the Cloud” in the hopes of saving infrastructure and maintenance costs. But is this at the risk of security? As both private and public Clouds become pervasive, security is going to be a major concern. Cloud infrastructure by definition has large amounts of information including proprietary information, competitive information, information of different classification levels, etc. In addition, the types of mechanism available to access the information in the Cloud, such as B.Y.O.D. (Bring Your Own Device), are increasing day by day. If the proper security mechanisms are not in place and validated, it could prove to be damaging to all users of the Cloud.
Engineers and integrators are incorporating best practices to implement Cloud security. Cloud security is a combination of system security and product security. It is in the area of product security that by developing Protection Profiles, Common Criteria can be leveraged to help mitigate the threats in the Cloud. Protection Profiles tailored for Cloud architecture can help ensure the product’s ability to compartmentalize data, control access and secure storage and transmission.