I've been thinking a lot about public cloud security lately. Not simply mulling the theoretical question of "is cloud more or less secure than my own infrastructure", but looking at practical approaches to cloud security. At Nemertes Research we use cloud computing extensively. For several years we used the cloud for test and development and in mid-2009 we moved production servers into the cloud.rnThe risks in cloud computing can be quite different from on-prem-ises computing. We have to secure our systems against at least three different angles of attack: those from the Internet; those from other "tenants"; and those from the cloud computing provider's staff.rnThe last point specifically can be the most challenging. No matter how well the provider has trained and vetted their staff, there is always the risk of an insider attack.
展开▼