Interesting draft from NIST on Security and Privacy Guidelines for Cloud Computing. Researchers have found that "organizational identification and authentication framework may not naturally extend into the cloud and extending or changing the existing framework to support cloud services may be difficult." (Chow et al., 2009)
One alternative is to create a new "cloud" identity system. Given the current state of information technology investment, it will likely be a "hard sell" to design, build, and support a second identity management system. Another alternative is to adopt a combination of eXtensible Access Control Markup Language (XACML) and Security Assertion Markup Language (SAML). The latter provides a secure mechanism to exchange "assertations" for authentication. The former (XACML) offers the capability for a cloud provider to control access to cloud resources in a standard/non-proprietary fashion.
The guideline paper concludes with this thought: "Many of the features that make cloud computing attractive can also be at odds with traditional security models and controls."
Source: NIST Guidelines on Security and Privacy in Public Cloud Computing
CIO Magazine reports:
Cloud computing, security and the mobile space hold the most growth potential in the coming years, according to IT professionals surveyed by tech staffing firm Modis.
Efficient (and/or affordable), secure, accessible. I don't really see anything new here. We did not need a new study to confirm these are potential growth areas. One can look at the recent and current strategic plans of the FedGov, DoD, and industry leaders to confirm.
Read entire CIO article: http://www.cio.com/article/693125/Study_IT_s_Future_Lies_with_Cloud_Computing_Security_and_Mobile?source=CIONLE_nlt_insider_2011-11-07
John Roberts and Wasim Al-Hamdani presented on cloud security in the InfoSecCD '11 Proceedings of the 2011 Information Security Curriculum Development Conference.
Interesting resources in the bibliography section:
12 Initiatives Outlined by the Comprehensive National Cybersecurity Initiative (CNCI) launched by President George W. Bush
in National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/
HSPD-23) in January 2008.