ABSTRACT
This chapter aims to examine the nature of security and what it means for information technology (IT), regardless of whether that IT is in the classic mainframe and client model or the latest iteration of cloud computing. Authorized access has evolved from something that was primarily a function of physical locks and uniformed security guards to a process designed to make sure that a given user is, in fact, who he or she claims to be. Cloud computing may actually provide enhanced security in this regard, because it allows access to data without requiring local copies of that data. The good news is that the experience gained in working with infrastructure vendors can be exploited when reaching agreements for cloud security. One critical piece of the overall security puzzle is that cloud applications and infrastructure should be thoroughly tested, just as traditional applications and infrastructure should be tested, on a regular basis.
