Summary
The (ISC)2 Twin Cities Area Chapter presentation Cloud Security by Matthew J. Harmon at the 2013 Annual Meeting introduces the fundamentals of virtualization and cloud computing, emphasizing both their transformative potential and the security considerations they entail.
Cloud Technology
First, Harmon unpacks virtualization basics like defining hypervisors (Type 1 and Type 2), guests, and core virtualization architecturesand maps these concepts onto cloud service models such as Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), and Anything-as-a-Service. He highlights key benefits including server consolidation, rapid provisioning and decommissioning of resources, auto-patching and silent upgrades, reduced operational overhead, and the ability to harvest processing power on demand. This framing positions cloud computing as a natural extension of traditional virtualization that delivers scale, flexibility, and cost efficiency.
Security and Privacy Risks
Second, the presentation shifts to the security and privacy risks inherent in cloud environments. Harmon details confidentiality challenges in multi-tenant platformswhere co-located data often lacks provider-managed encryption and availability threats stemming from service outages, contractual lock-in, or disputes with providers. He also addresses integrity risks due to limited transparency into vendor operations and the potential for insider threats. To mitigate these issues, he advocates a trust but verify approach: enforce end-to-end encryption (in transit, processing, and at rest), conduct rigorous vendor audits, codify security requirements in contracts, and maintain continuous risk assessments to ensure that cloud-hosted assets remain under organizational control and resilient against data breaches.