This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Don't Trust. And Verify: A Security Architecture Stack for the Cloud
September/October 2010 (vol. 8 no. 5)
pp. 83-86
Gunnar Peterson, Arctec Group
Cloud computing requires a new security model. One promising model employs technology "patterns": gateways, monitoring, security token services, and policy enforcement points. These patterns help promote a healthy "distrust and verify" approach to cloud security.

1. "What Is Cloud Computing?" video, Joyent, 2008; www.youtube.comwatch?v=6PNuQHUiV3Q.
2. C. Hoff, "Incomplete Thought—Cloudanatomy: Infrastructure, Metastructure & Infostructure," blog, 19 June 2009; www.rationalsurvivability.com/blog?p=1070 .
3. M. Ranum, "What Is 'Deep Inspection'?"; www.ranum.com/security/computer_security/ editorialsdeepinspect.
4. W. Gross, "Don't Care," Pacific Investment Management Company, Mar. 2010; www.pimco.com/PagesInvestment%20Outlook%20March%202010%20Bill%20Gross%20Dont%20Care.aspx .

Index Terms:
cloud computing, cloud security, software as a service, platform as a service, infrastructure as a service, infostructure, metastructure, security token services, policy enforcement points, policy decision points, security and privacy
Citation:
Gunnar Peterson, "Don't Trust. And Verify: A Security Architecture Stack for the Cloud," IEEE Security & Privacy, vol. 8, no. 5, pp. 83-86, Sept.-Oct. 2010, doi:10.1109/MSP.2010.149
Usage of this product signifies your acceptance of the Terms of Use.