Physical and Environmental Protection ISO/IEC TS 22237-2 Protection and Availability Classes ISO/IEC TS 22237-2 lists multiple layers of security referred to as classes. Each class has a guidance profile that specifies the proper controls that should exist at each layer. Outer layers have less stringent control guidance than inner layers. The two topics of control…
Category: cloud
Secure Cloud Data Center Design – Part 2
Physical Environment ISO/IEC TS 22237-1:2018: Information technology — Data center facilities and infrastructures enumerates availability and protection classes that define different levels of recommended environment restrictions, automated support systems, and design criteria for data centers. The ISO/IEC 22237 seven-part series is comprised of: ISO/IEC TS 22237-1:2018 Information technology — Data center facilities and infrastructures outlines…
Secure Cloud Data Center Design – Part 1
Secure cloud data center design begins with a logical design that then leads to physical design. ISO/IEC 19441:2017 provides illumination on two key concerns related to data in a data center, namely portability and interoperability. The basic environmental protection concerns within a data center are evolving to include concerns outside of the data center. Logical…
Cloud Computing: Compute and Storage
Compute The compute resources of a cloud service provider are a combination of: The number of CPUs The amount of RAM memory These compute resources are managed and allocated on a per-guest OS and/or a per-host basis within a resource cluster. The use of reservations, limits, and shares provides the contextual ability for an administrator…
Cloud Computing: Network and Communications
Systems and services related to network and communications are not directly related to the cloud. However, network and communication services and the components that make those services possible are integral resources to cloud service and consumption. Network function virtualization (NFV) and software-defined networking (SDN) are the two ways in which traditional network management and presentation…
Cloud Computing: Virtualization and Management Plane
Virtualization involves sharing underlying resources to enable a more efficient and agile use of hardware, which drives management efficiency through reduced personnel resourcing and maintenance. Virtualization provides the ability to run multiple operating systems (guests) and their associated applications on a single physical host. The guest is an isolated software instance that is operable with…
Applying Controls for Personally Identifiable Information (PII)
The operative application of defined controls for the protection of PII is widely affected by the “cluster” of providers/sub-providers involved in the operation of a specific cloud service; therefore, any attempt to provide guidelines for this can be made only at a general level. Since the goal of applying data protection measures is to fulfill…
Data Security on the Cloud
Data stored in the cloud replicates, moves, and is backed up and restored just as non-cloud data is. However, the dynamic and elastic nature of the cloud can present unique challenges when looking to build efficient data governance policies in the virtualized, multitenant environment of the cloud. From time to time, an organization needs to…
Data Protection on the Cloud
Data protection policies should include guidelines for the different data lifecycle phases. In the cloud, the following three policies should receive proper adjustments and attention: Data retention Data deletion Data archiving Policies serve as the operational foundation for all aspects of data management and should be clearly reflected in data retention, deletion, and archival activities….
Data Classification for P&DP Purposes
The figure below provides a quick recap of the main input entities for data classification regarding P&DP. Data classification can be accomplished in different ways ranging from “tagging” the data by using other external information, to extrapolating the classification from the content of the data. The latter method, however, may raise some concerns because, according…