by Ariel Silverstone

Clearing the Cloud Part II | A Ray of Sunshine On A Cloudy Day || Cloud Computing Security (3)

Feb 20, 2010
Cloud Computing

Continuing from last month's article, let's resume the discussion of Controls in Cloud Security:

One other element within Confidentiality is the ability to destroy data. In a cloud that we do not own, and on storage media that we do not control, there is a high probability that the same media will be used for other purposes. These storage buckets are dynamic, and the service/platform/application provider might allocate them to other users.

This sharing, and in many cases repeated sharing, of storage media leads to the need for assured destruction. We must follow a strict regime that states how long data is to be kept, when and by whom it is destroyed, and how such destruction is verified. Since degaussing tapes and shredding CDs is out of the question, we must employ more agile software-based (or, dare we say, hardware-based?) methods to assure that destruction.

Figure 5: Chercher les ...données?

This question becomes infinitely more complicated when we consider that data at rest does not necessarily “rest” on a certain platter of a certain hard drive. The data can, and usually does, move between storage locations on the drives. The onus is still on us to assure confidentiality, but… we don’t manage the drives. The only practical solution here is to demand regular scouring of storage media from the service providers. Do we think that such a requirement is feasible?

Figure 6:  Attention to Storage Media

Finally, lest someone think I am only talking about the storage aspect of Cloud Computing, the above discussion is easily applicable to processing in a Cloud as well.

More…in two weeks.
