does anyone see "the Cloud" as anything other than a 3rd party, and that all of the security risks associated in the category of "3rd party" shall be applied...?

I agree, but there may be additional risks when you're utilising cloud services compared to the traditional hosted server offering. For example, the TOS for gtalk said that ( paraphrasing ) all content transmitted belongs to Google - you may want to read the fine print for any service very carefully.

yeah, so that poses a major issue for forensics programs, and a major issue for law enforcement jurisdiction. the latter sounds like a subpoena nightmare. and even more of a nightmare if disk you need to image contains data from other cloud customers. i have interviwed about two dozen or so vendors over last 3yrs who wanted to sell a service that was "in the cloud" but they could not guarantee that my data was spindle isolated. w/o spindle isolation then i'll never go to cloud services (unless the data is public data, etc).

I have to say it. Isn't cloud security an oxymoron?
Please don't get mad. Just a little humour.

To me, "cloud computing" is simply the latest manifestation of "timesharing," but with a sexy-sounding name that looks good in print because it looks good without actually saying what it is. (I always think about that certain scene in Toy Story 1 every time I hear it, though.)

It's just like that other thing that people don't stop and think about when they use shared-hosting services for their web sites: who else has an account on the same box that I do? And what can they see of my stuff? It turns out that most of the "web site takedowns" that I have been asked to look into were actually caused by someone else who had an account and who simply cd'd to their directory and found that the ftpusers group (which they were in also, of course ...) could do anything at all. To them.

Same deal with "cloud computing." It's the end of the consultant who "knows an iddy biddy bit about Linux" and who has books about Apache configuration files which he reads lovingly ... because it seeks to reduce computing-power to a commodity, which of course it is or should be.

Nevertheless... "spindle-isolated databases, on the cloud?" Not only "no," but "whale no!" There are things which you need to ensure are only on your computers. Nevertheless... those things might be only a small subset of the total presentation that you need to make. "The cloud" offers nearly-unlimited computing power that can also be geographically well-located relative to your clients wherever they may be. So, I think, it has a proper niche. It's just not a panacea. (Of course.) Even though the press, from time to time, might suggest otherwise. (Of course. They sell advertising and subscriptions for a living.)

yeah, its really unbelievable how using a tag name can get people to jump aboard. i forget where i heard it, i think on a eSymposium event, the guy said that the technology that the "cloud" is has been around for years but it simply didnt have a cool name, then came along the "cloud" coin phrase, and voila, its something new and exciting and its suppose to save you money. sure, can save you $$ but it poses serious security issues, such as forensics and control of the data.

+1 to this very thought. I will only put two types of data into "cloud" storage: A) stuff that is important enough that I want to have a copy that would survive the destruction of my home and that has been encrypted, B) stuff that is public enough that I don't care who sees it.

Many of these "cloud" services operate at no cost to the user. Nothing in this world is free. One must ask themselves the following: somebody is paying and what benefit are they getting?

+1 on your +1 statement.

it amazes me that many CISO'a CSO's (so-called security chiefs) embrace Cloud services as if it's some magical realm of the unknown that is safe and secure that saves the org $$$.

is the "cloud" model analogous to the deregulation of CA electric back in 1996 (think about it). once you tie data (biz apps) to the cloud then the cloud basically "owns" the biz customer (such as what Enron did). the cost to manage data in the cloud can be hugely manipulated by those who operate the cloud (cloud is sold as supply and demand), etc. the cloud numbs are basically saying "move your data to me, process it here". you pay them so them gets bigger and more powerful. the big picture says, "not a good idea". the only data worth anything anymore is PII, Facecrook (and others) is proving this.

i found many writes about "cloud", this one is a good summary http://www.techrepublic.com/blog/tec...-strategy/6838