Comments on: Clearing the Cloud Part II |A Ray of Sunshine On A Cloudy Day || Cloud Computing Security http://arielsilverstone.com/cloud-computing-security/clearing-the-cloud-ii-cloud-computing-security/ Intelligent Business Security Mon, 16 Jan 2012 04:58:41 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Tweets that mention Clearing the Cloud Part II |A Ray of Sunshine On A Cloudy Day || Cloud Computing Security | The Security Blog -- Topsy.com http://arielsilverstone.com/cloud-computing-security/clearing-the-cloud-ii-cloud-computing-security/comment-page-1/#comment-444 Tweets that mention Clearing the Cloud Part II |A Ray of Sunshine On A Cloudy Day || Cloud Computing Security | The Security Blog -- Topsy.com Thu, 01 Jan 1970 00:00:00 +0000 http://arielsilverstone.com/?p=3282#comment-444 [...] This post was mentioned on Twitter by Jaime Chanaga, SilverstoneA. SilverstoneA said: RT @jaimechanaga: @SilverstoneA Good article on cloud security, thanks for sharing http://bit.ly/3quUtn TY for RT! [...] [...] This post was mentioned on Twitter by Jaime Chanaga, SilverstoneA. SilverstoneA said: RT @jaimechanaga: @SilverstoneA Good article on cloud security, thanks for sharing http://bit.ly/3quUtn TY for RT! [...]

]]> By: Christofer Hoff http://arielsilverstone.com/cloud-computing-security/clearing-the-cloud-ii-cloud-computing-security/comment-page-1/#comment-443 Christofer Hoff Thu, 01 Jan 1970 00:00:00 +0000 http://arielsilverstone.com/?p=3282#comment-443 Ariel: Good piece overall. However, as I mentioned to you previously, your comment regarding the "CSA model" being divergent and "exceedingly complex" in comparison to NIST's is both inaccurate and unfortunate. The SaaS, PaaS and IaaS delivery models in the CSA document were all taken from NISTs paper as were the bulk of the deployment models (public, private and hybrid) with the difference being NIST's community cloud versus CSA's managed cloud. You're comparing apples to donkeys inasmuch as you are trying to compare the underlying semantics of cloud composition/architectural definition (NIST's/CSA's) to a security reference model featuring confidentiality, integrity, availability, etc. They are orthogonal. The reason we have the architecture chapter is to define the context. The other 14 domains explore the security ramifications related to such. I'm still unclear as to what makes any of the CSA/NIST definitions "exceedingly complex." Perhaps the v2 document which is coming will make it less so. Regards, /Hoff Ariel:

Good piece overall. However, as I mentioned to you previously, your comment regarding the “CSA model” being divergent and “exceedingly complex” in comparison to NIST’s is both inaccurate and unfortunate.

The SaaS, PaaS and IaaS delivery models in the CSA document were all taken from NISTs paper as were the bulk of the deployment models (public, private and hybrid) with the difference being NIST’s community cloud versus CSA’s managed cloud.

You’re comparing apples to donkeys inasmuch as you are trying to compare the underlying semantics of cloud composition/architectural definition (NIST’s/CSA’s) to a security reference model featuring confidentiality, integrity, availability, etc.

They are orthogonal.

The reason we have the architecture chapter is to define the context. The other 14 domains explore the security ramifications related to such.

I’m still unclear as to what makes any of the CSA/NIST definitions “exceedingly complex.”

Perhaps the v2 document which is coming will make it less so.

Regards,

/Hoff

]]>