Homeland Security Consultants CEO Provides Cloud Security Guidance to the NIST Cloud Security Working Group
Robert Cope in conjunction with Thomas Earl of Arcitura presented the topic of Cloud Trust Boundaries to the NIST Cloud Security Working Group. Cloud Trust boundaries are used to identify the demarcation of authority between a Cloud Service Provider and the Cloud Service Consumer. Accurately identifying the Cloud Trust Boundary is critical for applying appropriate security controls to protect the service offering. Additionally, Cloud Consumers clearly understand what security controls will need to be supplied on their end.
Sean Cope, Homeland Security Consultants FedRAMP Lead brought up the topic that attack vectors can occur from within the Cloud Service or launched from a Cloud Consumer. Since the Cloud Consumer is a potential attack platform a trust rating (security designation) should be given to the Cloud Consumer so that the Cloud Service Provider has a trust metric with potential customers they serve. This would most likely apply to Cloud Systems with a High Security Categorization or other special needs circumstances.
Robert Cope will continue to work the NIST Cloud Security Working Group to further develop security engineering concepts dealing with cloud boundary security controls.