No Governance, No Security: Simple as That
I recently had the opportunity to provide some of my thoughts to Alan Earls’ latest article on the challenges of cloud computing security at SearchSOA.
The bottom line, he relates, is that security is a big issue for cloud computing, and the only effective way to deliver security in the cloud is through good governance.
Alan quotes Daryl Plummer, Gartner analyst and leading thinker in the SOA space, who says gateways — which provide security, management, encryption, and identity management for services — take on a new role in cloud security management. The challenge is that policies must now be federated across multiple services and across multiple
gateways, he says.
David Linthicum, analyst at the Bick Group, says governance fits hand in glove with security. “Governance provides the policies around services so that they are only
allowed to perform actions that are in a range and if it is out of range they are disallowed and it
is reported to somebody,” he says.