TechBuddha: Cloudy Amazon AWS Security
Amrit Williams, TechBuddha, has posted an absolutely on-target examination (and right on-time as well – with the Amazon news published yesterday) of the rather murky state-of-affairs (at least in the security realms) at Amazon.com, Inc. (NasdaqGS: AMZN) Web Services unit. Read a short snippet of the TechBuddha’s post after the jump, and visit his blog early, and often.
From the Amrit Williams, the TechBuddha’s post:” Recently I posted some thoughts on cloud security (here), (here), and (here). The bottom line still holds true…
When we allow services to be delivered by a third party we lose all control over how they secure and maintain the health of their environment and in many cases we lose all visibility into the controls themselves, that being said…Cloud Computing platforms have the potential to offer adequate security controls, but it will require a level of transparency the providers will most likely not be comfortable providing.
In September of 2008 Amazon released a paper entitled “Amazon WebServices: Overview of Security Processes” which discusses, at a high-level, aspects of Amazon’s AWS (Amazon Web Services) security model. Essentially it says that they will provide a base-level of reasonable security controls against their infrastructures and the enterprise is required to provide the required security controls against their guest OS instance and other attributes of the customer environmental variables, including data backup, controls, and secure development.”
- Straddling the Cloud
- Amazon EC2 Now Available In Europe
- Public Data Goes on Amazon’s Cloud
- Cloud Computing Making Forensics Easier
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_b.png?x-id=a9068691-966c-4f71-85e7-fd0093c2bf13)
