Re: Cloud Security Panel: Is cloud computing more or less secure than on-premises IT?

["Ali, Saqib" <docbook.xml () gmail com>]

The traditional (draconian??) e-security departments are having a
field day with all the media buzz on insecurity of the cloud
computing. They are missing the big picture.

Risk management is important. However what I am seeing right now is
that most traditional e-security dept are just concentrating on the
the Vulnerability component of the Risk equation:

Total risk = Threat X Vulnerability X Asset value
Residual risk = Total risk – Countermeasures

They are completely leaving out the “likelihood of a event happening”
from their analysis.

Countermeasures are put in place to reduce the likelihood of an event,
which minimizes the overall residual risk.

In the words of Professor David Deutsch, “Problems are Soluble.
Problems are inevitable”

No amount of precautions can avoid problems that we do not yet
foresee. Hence we need an attitude of problem fixing, not just problem
“avoidance”. And it’s true that an ounce of prevention equals a pound
of cure, but that’s only if we know what to “prevent”. If you’ve been
punched on the nose, then the science of medicine does not consist of
teaching you how to avoid punches. If medical science stopped seeking
cures and concentrated on prevention only, then it would achieve very
little of either.

The traditional Enterprise IT world is buzzing at the moment with
plans on how to stop Cloud Computing from entering into the workplace.
It ought to be buzzing with plans to reduce the security and privacy
risks associated with Cloud Computing and improve data-portability and
forensic capabilties. And not at all costs, but efficiently and
cheaply. And some such plans exist, host-prood hosting[1], for
example.

With problems that we are not aware of yet, the ability to put right —
not the sheer good luck of avoiding indefinitely — is our only hope,
not just of solving problems, but of making technological progress.

(the above is based on a talk by Professor David Deutsch on problem avoidance)

1. http://en.wikipedia.org/wiki/Host-proof_hosting


saqib
http://kawphi.blogspot.com

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------