Powered By InformationWeek Business Technology Network
 
Welcome Guest. | Log In| Register | Membership Benefits
  • Email this page E-mail this page
  • |  Print Print this page
  • |   Bookmark and Share

Jericho Forum Issues Best Practices For Secure Cloud Computing

"Cloud Cube" model provides criteria for evaluating online services model, provisioning

Apr 17, 2009 | 01:15 PM

By Kelly Jackson Higgins
DarkReading

An industry group has come up with a model for evaluating and determining if and where cloud-based computing makes sense for an organization.

The Jericho Forum today released its so-called Cloud Cube Model white paper (PDF), which provides best practices and criteria for going to the cloud, as well as choosing the appropriate service providers. "The Jericho Forum cloud cube computing model is designed to be an essential first tool to help business evaluate the risk and opportunity associated with moving into the cloud," says Adrian Seccombe, CISO and senior enterprise information architect for Eli Lilly and a member of the Jericho Forum board.

The forum says not every IT function should be relegated to the cloud, and defines the different types of these online services. Security "is often significantly better than that of the customer's own IT systems" with some cloud providers, according to the white paper, but with a caveat: "While this may well be true, it is critical that cloud customers select the right cloud formations for their needs to ensure they remain secure, [are] able to collaborate safely with their selected parties as their evolving business needs require, and [are] compliant to applicable regulatory requirements -- including on the use and location of their data."

There are four basic criteria for different types of cloud-based environments, according the Jericho Forum: internal or external, or the physical location where the data would reside within the organization or outside of it; proprietary or open, meaning who "owns" the data, systems, and interfaces; perimeterized and deperimeterized, which defines the architecture; and insourced and outsourced, which distinguishes between an internally provisioned service and an external one.

Organizations should ask potential suppliers of cloud computing services where they fit in the "cube," and how they ensure features, for example, according to the Jericho Forum, as well as how to ensure availability and continuity were the provider to go bankrupt or change business focus.

"Jericho's next phase, which addresses secure collaboration in the cloud, is seen as a big step in the right direction," says Guy Bunker, chief scientist and distinguished engineer at Symantec. "Bringing together enterprise, system integrators, and application vendors has resulted in a practical approach to security in the next generation of collaboration architecture."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.


Subscribe to RSS



Security Services Reports

You've Got (Secure) Mail: Using Service Providers to Boost Protection You've Got (Secure) Mail: Using Service Providers to Boost Protection
The SaaS market is still in its infancy, but hosted e-mail security firms are leading the way, thanks to ease of implementation and many obvious benefits. Still, these services are not without risks. In this Dark Reading Tech Center report, we'll discuss how to determine what mix of in-house and hosted email security makes sense for your organization.

Security Services Strategies For Small and Midsize Firms Security Services Strategies For Small and Midsize Firms
Infosec managers in small and midsize enterprise often feel like an army of one, constantly pinching pennies. But the paradigm shift from expensive on-premises management to off-premises hosting is good news for you, because today more than ever, the small business has access to large-enterprise security technologies via the phenomenon of subscription-based licensing. In this report, you'll discover how you can use security services strategically to gain economies of scale -- and a really deep bench.

Security Software as a Service: Navigating the New MSSP Landscape
This Dark Reading Security Services Tech Center Report offers advice on how to cut through the hype and claims by SaaS security vendors to get the best fit for your business. It provides a detailed look at the most popular types of cloud-based data protection and gives a rundown on the top service providers vying for your dollars.

Making the Business Case: Security Outsourcing in Financial Services
When it comes to online security, the financial community is under siege.  Between the troubled economy, the advent of more sophisticated attacks, and the growing number of threats inside and outside the organization, one thing is clear: financial services firms need help. In this report, we offer a look at the factors that are driving the financial industry toward security outsourcing - and how your institution can find the right provider.

Integrated Security Services: How To Choose The Right Provider Without Getting Burned
Providers ranging from Microsoft to Finallyfast.com offer everything from simple anti-malware, e-mail and content filtering services to sophisticated security applications, all in a single package. In this report, we discuss how to get the best "suite" for your business -- and your budget -- and what to beware of.

Making The Security Outsourcing Decision: A Reader's Guide
For years, enterprises resisted the idea of bringing a third party into their security strategies. Today, however, with security threats proliferating at alarming rates and economic pressures forcing major cutbacks, many companies are rethinking the security outsourcing decision. In this report, you'll learn about the wide variety of security services categories available on the market – their strengths and weaknesses, their costs, and what you should know before you make the outsourcing decision.