Jericho Forum Issues Best Practices For Secure Cloud Computing
Cloud Cube model provides criteria for evaluating online services model, provisioning
April 17, 2009
An industry group has come up with a model for evaluating and determining if and where cloud-based computing makes sense for an organization.
The Jericho Forum today released its so-called Cloud Cube Model white paper (PDF), which provides best practices and criteria for going to the cloud, as well as choosing the appropriate service providers. "The Jericho Forum cloud cube computing model is designed to be an essential first tool to help business evaluate the risk and opportunity associated with moving into the cloud," says Adrian Seccombe, CISO and senior enterprise information architect for Eli Lilly and a member of the Jericho Forum board.
The forum says not every IT function should be relegated to the cloud, and defines the different types of these online services. Security "is often significantly better than that of the customer's own IT systems" with some cloud providers, according to the white paper, but with a caveat: "While this may well be true, it is critical that cloud customers select the right cloud formations for their needs to ensure they remain secure, [are] able to collaborate safely with their selected parties as their evolving business needs require, and [are] compliant to applicable regulatory requirements -- including on the use and location of their data."
There are four basic criteria for different types of cloud-based environments, according the Jericho Forum: internal or external, or the physical location where the data would reside within the organization or outside of it; proprietary or open, meaning who "owns" the data, systems, and interfaces; perimeterized and deperimeterized, which defines the architecture; and insourced and outsourced, which distinguishes between an internally provisioned service and an external one.
Organizations should ask potential suppliers of cloud computing services where they fit in the "cube," and how they ensure features, for example, according to the Jericho Forum, as well as how to ensure availability and continuity were the provider to go bankrupt or change business focus.
"Jericho's next phase, which addresses secure collaboration in the cloud, is seen as a big step in the right direction," says Guy Bunker, chief scientist and distinguished engineer at Symantec. "Bringing together enterprise, system integrators, and application vendors has resulted in a practical approach to security in the next generation of collaboration architecture."
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author
You May Also Like
Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024