Data loss prevention and data leakage prevention are terms used interchangeably to describe the controls put in place by an organization to ensure that certain types of data (structured and unstructured) remain under organizational controls, in line with policies, standards, and procedures. Controls to protect data form the foundation of organizational security and enable the…
Category: cloudsecurity
Cloud Storage Services
At the core of all cloud services, products, and solutions are software tools with three underlying pillars of functionality: processing data and running applications (compute servers); moving data (networking); and preserving or storing data (storage). Cloud storage is basically defined as data storage that is made available as a service via a network…
How Cloud impacts Supply Chain & Vendor Management
It is important to understand the capabilities and policies of your supporting vendors. Emergency communication paths should be established and tested with all vendors. Categorizing, or ranking, a vendor/supplier on some sort of scale is critical when managing the relationship with that vendor/supplier appropriately. Strategic suppliers are deemed to be mission critical and cannot be…
Audit: Assurance Challenges of Virtualization and Cloud
Previous article in series – Audit: Planning. Traditional methods of assurance of services and controls management in an on-premises data center or even with colocation services are no longer sufficient given the complexity of virtualization and cloud services. To gain greater assurance of expected services, we can review information available from publicly accessible registries. Cloud…
Security Considerations for Software as a Service (SaaS)
Previous article in series – Security Considerations for PaaS. When SaaS is consumed from a public cloud service provider, the security options that the customer can control may be only at the application level. In that model, application security is the responsibility of the cloud service provider, but the customer retains responsibility for identity access…
Security Considerations for Platform as a Service (PaaS)
Previous article in the series – IaaS: Cloud Virtual Infrastructure Threats. With the PaaS (platform as a service) model, the vendor offers a complete development environment in which application developers can create and deploy their code. This avoids the need to build a server environment to run an application and the need to install a…
IaaS: Cloud Virtual Infrastructure Threats
Previous article in series – IaaS: Hypervisor Security. Provisioning tools and VM templates are exposed to different attacks that attempt to create new unauthorized VMs or patch the VM templates to infect the other VMs that will be cloned from this template. These new categories of security threats are a result of the new, complex,…
IaaS: Hypervisor Security
Previous article in series – Cloud Computing: Shared Security Model. The hypervisor acts as the abstraction layer that provides the management functions for required hardware resources among VMs. Virtual machine attacks: Active VMs are vulnerable to all traditional attacks that can affect physical servers. Once a VM is compromised, it may be able to attack…
Cloud Computing: Shared Security Model
In cloud computing, security is a shared responsibility between the CSP and the customer. The service model will dictate the general responsibilities, but specifics will also vary based on the actual service being consumed. Security Considerations for Infrastructure as a Service (IaaS): Within IaaS, a key emphasis and focus must be placed on the various…
ISO/IEC 27017: Information Security Controls for Cloud Computing
ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002, and additional controls with implementation guidance that specifically relate to cloud services. This standard provides enhanced controls for cloud service providers and cloud service customers and should…