For all the hype cloud computing has received in recent years, theres been one small problem: few truly understand what it means. But recently, the Cloud Security Alliance has tried to change that by releasing "Guidance for Critical Areas of Focus in Cloud Computing" version 2.1.

The voluminous document establishes an architectural framework and makes a series of cloud security recommendations. The CSA describes cloud computing environments as featuring on-demand, self-service consumption, allowing broad access via networks, drawing from a pool of shared computing resources, which can be quickly scaled up or down depending on demand, and involving some type of metering to track usage.

For all those benefits in economy of scale and standardization, the CSA warns it also present significant security challenges.

"To bring these efficiencies to bear, cloud providers have to provide services that are flexible enough to serve the largest customer base possible, maximizing their addressable market," the document states. "Unfortunately, integrating security into these solutions is often perceived as making them more rigid.

"This rigidity often manifests in the inability to gain parity in security control deployment in cloud environments compared to traditional IT," it adds. "This stems mostly from the abstraction of infrastructure, and the lack of visibility and capability to integrate many familiar security controls -- especially at the network layer."

The CSA report breaks cloud computing security into 13 different subsets, from governance issues like e-discovery, compliance and audits to operational concerns such as disaster recovery, application security and identity management.


Interested in information related to this topic? Subscribe to our Information Technology eNewsletter.