Secure cloud data center design begins with a logical design that then leads to physical design. ISO/IEC 19441:2017 provides illumination on two key concerns related to data in a data center, namely portability and interoperability. The basic environmental protection concerns within a data center are evolving to include concerns outside of the data center. Logical…
Month: July 2021
Cloud Computing: Compute and Storage
Compute The compute resources of a cloud service provider are a combination of: The number of CPUs The amount of RAM memory These compute resources are managed and allocated on a per-guest OS and/or a per-host basis within a resource cluster. The use of reservations, limits, and shares provides the contextual ability for an administrator…
Cloud Computing: Network and Communications
Systems and services related to network and communications are not directly related to the cloud. However, network and communication services and the components that make those services possible are integral resources to cloud service and consumption. Network function virtualization (NFV) and software-defined networking (SDN) are the two ways in which traditional network management and presentation…
Cloud Computing: Virtualization and Management Plane
Virtualization involves sharing underlying resources to enable a more efficient and agile use of hardware, which drives management efficiency through reduced personnel resourcing and maintenance. Virtualization provides the ability to run multiple operating systems (guests) and their associated applications on a single physical host. The guest is an isolated software instance that is operable with…
Continuous Operations
In order to support continuous operations, the following principles should be adopted as part of the security operations policies. Audit logging: Higher levels of assurance are required for protection, retention, and lifecycle management of audit logs, adhering to applicable legal, statutory, or regulatory compliance obligations. Audit logging also provides unique user access accountability that can…
Data Event Logging and Event Attributes
In order to be able to perform effective audits and investigations, the event log should contain as much of the relevant data as possible for the processes being examined. OWASP Proactive Controls v3.0, section C9, recommends the following when implementing security logging functions. For security logging implementation: Use a common logging format and approach within…
An Effective Information Security Continuous Monitoring (ISCM) Strategy
Continuous monitoring is a concept that has grown in importance during the transition to cloud computing. Information Security Continuous Monitoring (ISCM) is defined as “maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.” Resource: NIST SP 800-137, page vi http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-137.pdf The terms continuous and ongoing in this context mean…
Applying Controls for Personally Identifiable Information (PII)
The operative application of defined controls for the protection of PII is widely affected by the “cluster” of providers/sub-providers involved in the operation of a specific cloud service; therefore, any attempt to provide guidelines for this can be made only at a general level. Since the goal of applying data protection measures is to fulfill…
Data Security on the Cloud
Data stored in the cloud replicates, moves, and is backed up and restored just as non-cloud data is. However, the dynamic and elastic nature of the cloud can present unique challenges when looking to build efficient data governance policies in the virtualized, multitenant environment of the cloud. From time to time, an organization needs to…
Data Protection on the Cloud
Data protection policies should include guidelines for the different data lifecycle phases. In the cloud, the following three policies should receive proper adjustments and attention: Data retention Data deletion Data archiving Policies serve as the operational foundation for all aspects of data management and should be clearly reflected in data retention, deletion, and archival activities….