Chapter 5. Identity and Access Management

This chapter presents the current state of the practice of identity and access management (IAM) and support for IAM features that aid in Authentication, Authorization, and Auditing (AAA) of users accessing cloud services.

Trust Boundaries and IAM

In a typical organization where applications are deployed within the organization's perimeter, the "trust boundary" is mostly static and is monitored and controlled by the IT department. In that traditional model, the trust boundary encompasses the network, systems, and applications hosted in a private data center managed by the IT department (or sometimes by third-party providers under IT supervision). Access to the network, systems, and applications is secured via network security controls, including virtual private networks (VPNs), intrusion detection systems (IDSs), intrusion prevention systems (IPSs), and multifactor authentication.

With the adoption of cloud services, the organization’s trust boundary will become dynamic and will move beyond the control of IT. With cloud computing, the network, system, and application boundary of an organization will extend into the service provider domain. (This may already be the case for most large enterprises engaged in e-commerce, supply chain management, outsourcing, and collaboration with partners and communities.) This loss of control continues to challenge the established trusted governance and control model (including the trusted source of information for ...
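The practical consequence of the boundary moving into the provider's domain is that the AAA functions named at the start of the chapter (authentication, authorization, auditing) have to be carried by identity and policy rather than by network position. The following Python model is an added illustration, not code from the book: it implements a toy decision point in which the source network is recorded for the audit trail but never influences the decision. The users, passwords, one-time codes, salt, resource names and role policy are constructed sample data.

```python
"""Toy AAA (authentication, authorization, auditing) decision point.

Added illustration, not code from the book. Users, credentials, the salt,
resource names and the role policy are constructed sample data. It shows
that once a resource sits outside the IT-controlled perimeter, access
decisions must rest on verified identity and policy, not on which
network the request arrived from.
"""
import hashlib
import hmac


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; a real system uses a random per-user salt,
    # a fixed constructed one is used here so the example is reproducible.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


_SALT = b"constructed-salt"

# Constructed user directory: password hash, current one-time code, roles.
USERS = {
    "alice": {"pw_hash": _hash_password("correct horse", _SALT),
              "otp": "492817", "roles": {"analyst"}},
    "bob": {"pw_hash": _hash_password("hunter2", _SALT),
            "otp": "110034", "roles": {"admin"}},
}

# Constructed role policy: role -> set of (resource, action) it may perform.
POLICY = {
    "analyst": {("reports", "read")},
    "admin": {("reports", "read"), ("reports", "write"), ("iam", "write")},
}

# Auditing: every decision, granted or denied, is appended here.
AUDIT_LOG: list[dict] = []


def authenticate(user: str, password: str, otp: str) -> bool:
    """Two factors: password hash compared in constant time, plus a one-time code."""
    record = USERS.get(user)
    if record is None:
        return False
    pw_ok = hmac.compare_digest(record["pw_hash"], _hash_password(password, _SALT))
    otp_ok = hmac.compare_digest(record["otp"], otp)
    return pw_ok and otp_ok


def authorize(user: str, resource: str, action: str) -> bool:
    """Role-based check: some role held by the user permits (resource, action)."""
    roles = USERS.get(user, {}).get("roles", set())
    return any((resource, action) in POLICY.get(role, set()) for role in roles)


def access(user: str, password: str, otp: str,
           resource: str, action: str, source_network: str) -> str:
    """Full AAA path. `source_network` is kept for the audit trail only; it never
    shapes the decision, because the resource may live in the provider's domain
    where the corporate perimeter carries no meaning."""
    if not authenticate(user, password, otp):
        outcome = "denied:authentication"
    elif not authorize(user, resource, action):
        outcome = "denied:authorization"
    else:
        outcome = "granted"
    AUDIT_LOG.append({"user": user, "resource": resource, "action": action,
                      "source_network": source_network, "outcome": outcome})
    return outcome


if __name__ == "__main__":
    # A valid identity from outside the perimeter is granted ...
    print(access("alice", "correct horse", "492817", "reports", "read", "internet"))
    # ... while a request from the corporate network with a wrong OTP is not.
    print(access("alice", "correct horse", "000000", "reports", "read", "corporate"))
    # Authenticated but outside the analyst's policy.
    print(access("alice", "correct horse", "492817", "reports", "write", "corporate"))
    for entry in AUDIT_LOG:
        print(entry)
```

The audit entries carry the source network so an investigator can still see where a request came from; what the model deliberately drops is any rule of the form "requests from the corporate LAN are trusted", which is exactly the rule that stops holding once the boundary extends into the provider's domain.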
