Cloud Computing (KCS-713):
Unit-4: Resource Management And Security In Cloud
Dr. Radhey Shyam
Professor
Department of Computer Science and Engineering
SRMGPC Lucknow
(Affiliated to Dr. A.P.J. Abdul Kalam Technical University, Lucknow)
Unit-4 has been compiled/prepared by Dr. Radhey Shyam, with grateful acknowledgment to those who made their
course contents freely available. Feel free to use this study material for your own academic purposes. For
any query, communication can be made through my mail shyam0058@gmail.com.
Date: December 07, 2021
Inter Cloud Resource Management
The cloud computing environment shares a variety of hardware and software resources. The inter
cloud is a cloud of clouds constructed to support resource sharing between clouds. The resources
in the inter cloud environment are managed in a distributed model without any central authority. Inter
cloud communication and resource identification is a complex task. Inter cloud resource
management services are built to perform resource discovery, matching, selection, composition,
negotiation, scheduling and monitoring operations.
Resource Provisioning
Cloud provisioning is the allocation of resources and services from a cloud provider to a client. The
growing catalog of cloud services that customers can provision includes infrastructure as a service,
software as a service, and platform as a service, in public or private cloud environments.
Provisioning is the process of configuring the IT infrastructure. It can also refer to the steps necessary
to manage access to data and resources and make them available to users and systems. Once
something has been provisioned, the next step is configuration.
In cloud computing, a resource provisioning mechanism is required to supply cloud consumers with a set of
computing resources for processing jobs and storing data. Cloud providers can offer cloud
consumers two resource provisioning plans, namely short-term on-demand and long-term reservation
plans. Efficient resource provisioning, which can guarantee satisfactory cloud computing services to
the end user, lays the foundation for success in commercial competition. Resource provisioning is
the allocation of a cloud provider's resources to a customer. When a cloud provider accepts a request
from a customer, it must create the appropriate number of virtual machines (VMs) and allocate
resources to support them. The process is conducted in several different ways:
1. Advance provisioning: With advance provisioning, the customer contracts with the provider for
services and the provider prepares the appropriate resources in advance of the start of service. The
customer is charged a flat fee or is billed on a monthly basis.
2. Dynamic provisioning: With dynamic provisioning, the provider allocates more resources as they are
needed and removes them when they are not. The customer is billed on a pay-per-use basis. When
dynamic provisioning is used to create a hybrid cloud, it is sometimes referred to as cloud bursting.
3. User self-provisioning: With user self-provisioning (also known as cloud self-service), the customer
purchases resources from the cloud provider through a web form, creating a customer account and
paying for resources with a credit card. The provider's resources are available for customer use within
hours, if not minutes.
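The trade-off between the plans above (idle reserved capacity versus unmet demand versus pay-per-use cost) is easiest to see with numbers. The following is an added example, not part of these notes or of any provider's tooling; the hourly demand series and the prices are constructed placeholders. It simulates advance provisioning with a fixed reserved pool, dynamic provisioning that tracks demand exactly, and cloud bursting, where a reserved private pool takes the base load and overflow spills to a pay-per-use public pool.

```python
"""Added example (not from the lecture notes): a toy simulation of the three
provisioning plans. Demand series and prices are constructed placeholders."""

from dataclasses import dataclass, field

# Constructed hourly demand: VMs needed in each hour of a 12-hour window.
DEMAND = [2, 2, 3, 5, 8, 12, 12, 9, 6, 3, 2, 2]

# Constructed placeholder prices (not real provider pricing).
RESERVED_FLAT_FEE = 60.0   # flat fee for advance-provisioned capacity
ON_DEMAND_PRICE = 1.0      # per VM-hour, pay-per-use
BURST_PRICE = 1.5          # per VM-hour in the public cloud during bursting


@dataclass
class ProvisioningResult:
    plan: str
    vm_hours_allocated: int = 0
    vm_hours_unused: int = 0   # capacity paid for but idle
    vm_hours_unmet: int = 0    # demand that could not be served
    cost: float = 0.0
    history: list = field(default_factory=list)


def advance_provisioning(demand, reserved_vms, flat_fee=RESERVED_FLAT_FEE):
    """Capacity is fixed up front; the customer pays a flat fee regardless of use."""
    res = ProvisioningResult("advance", cost=flat_fee)
    for need in demand:
        served = min(need, reserved_vms)
        res.vm_hours_allocated += reserved_vms
        res.vm_hours_unused += reserved_vms - served
        res.vm_hours_unmet += need - served
        res.history.append(reserved_vms)
    return res


def dynamic_provisioning(demand, price=ON_DEMAND_PRICE):
    """VMs are added when needed and removed when not; billing is per VM-hour used."""
    res = ProvisioningResult("dynamic")
    for need in demand:
        running = need   # scale up or down to exactly what is needed this hour
        res.vm_hours_allocated += running
        res.cost += running * price
        res.history.append(running)
    return res


def cloud_bursting(demand, reserved_vms, flat_fee=RESERVED_FLAT_FEE,
                   burst_price=BURST_PRICE):
    """Hybrid cloud: a reserved private pool handles the base load and any
    overflow bursts to the public cloud on a pay-per-use basis."""
    res = ProvisioningResult("cloud-bursting", cost=flat_fee)
    for need in demand:
        private = min(need, reserved_vms)
        burst = need - private
        res.vm_hours_allocated += reserved_vms + burst
        res.vm_hours_unused += reserved_vms - private
        res.cost += burst * burst_price
        res.history.append((private, burst))
    return res


if __name__ == "__main__":
    for r in (advance_provisioning(DEMAND, 12), advance_provisioning(DEMAND, 4),
              dynamic_provisioning(DEMAND), cloud_bursting(DEMAND, 4)):
        print(f"{r.plan:15s} allocated={r.vm_hours_allocated:4d} "
              f"unused={r.vm_hours_unused:3d} unmet={r.vm_hours_unmet:3d} "
              f"cost={r.cost:6.1f}")
```

Reserving for the peak (12 VMs) never drops a request but leaves more than half of the paid capacity idle; reserving for the base load (4 VMs) drops 28 VM-hours unless bursting covers them, and the bursting run shows the price paid for that flexibility.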
Global Exchange of Cloud Resources
Global Cloud Xchange (GCX) offers network services which power digital transformation for
enterprises, new media providers, and telecoms carriers. We cover all aspects of cloud-centric
connectivity from managed SD-WAN and hybrid networks, to direct Cloud connections and 100 Gbps+
waves. With a pedigree going back 30+ years, GCX are experts in providing connectivity throughout
the Emerging Markets Corridor into Asia via the vast GCX subsea network (the world’s largest private
submarine cable network), with extensions available into more than 200 countries worldwide.
Why Cloud Security Governance Is Needed
Enterprises are increasingly pursuing the business advantages of migrating technology platforms and
services into the cloud environment, leveraging one or more of the three main cloud service areas –
Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
These advantages include but are not limited to rapid information system deployment, significantly
reduced operating costs, massive economies of scale, processing speed, and agility. However,
subscription to these services often implies security and compliance challenges for enterprises that are
often unprepared to resolve them.
Data breaches, system vulnerabilities, and insufficient identity, credential and access management are
some of the typical security challenges in the cloud environment that subscriber enterprises must
address. In some situations, an enterprise may lack adequate operationalization and enforcement of
policies, procedures, a formal operating model, or even a properly constituted organizational function to
effectively manage security in the cloud. In other situations, the enterprise may also not sufficiently
exercise its responsibility to protect data in the cloud or may lack the means for senior management
visibility into cloud security performance and risks. These issues may prevail even when an enterprise
stands to gain significant business benefits from transforming its service delivery model via the use of
cloud computing platforms.
The underlying business problem leading to these challenges is the lack of effective governance of
cloud security. In this blog, I explore cloud security governance, common challenges, and review key
targets that can help enterprises optimize the business benefits of cloud security programs.
What Is Cloud Security Governance?
Cloud security governance refers to the management model that facilitates effective and efficient
security management and operations in the cloud environment so that an enterprise’s business targets
are achieved. This model incorporates a hierarchy of executive mandates, performance expectations,
operational practices, structures, and metrics that, when implemented, result in the optimization of
business value for an enterprise. Cloud security governance helps answer leadership questions such
as:
Are our security investments yielding the desired returns?
Do we know our security risks and their business impact?
Are we progressively reducing security risks to acceptable levels?
Have we established a security-conscious culture within the enterprise?
Strategic alignment, value delivery, risk mitigation, effective use of resources, and performance
measurement are key objectives of any IT-related governance model, security included. To
successfully pursue and achieve these objectives, it is important to understand the operational culture
and business and customer profiles of an enterprise, so that an effective security governance model
can be customized for the enterprise.
Cloud Security Governance Challenges
Whether developing a governance model from the start or having to retrofit one on existing investments
in cloud, these are some of the common challenges:
Lack of senior management participation and buy-in
The lack of a senior-management-influenced and -endorsed security policy is one of the common
challenges facing cloud customers. An enterprise security policy is intended to set the executive tone,
principles and expectations for security management and operations in the cloud. However, many
enterprises tend to author security policies that are laden with tactical content and lack executive
input or influence. The result is the ineffective definition and communication of
executive tone and expectations for security in the cloud. To resolve this challenge, it is essential to
engage enterprise executives in the discussion and definition of tone and expectations for security that
will feed a formal enterprise security policy. It is also essential for the executives to take full
accountability for the policy, communicating its provisions to the enterprise, and subsequently
enforcing compliance.
Lack of embedded management operational controls
Another common cloud security governance challenge is the lack of management controls embedded in
cloud security operational processes and procedures. Controls are often interpreted as an auditor’s
checklist or repackaged as procedures, and as a result, are not effectively embedded into security
operational processes and procedures as they should be, for purposes of optimizing value and
reducing day-to-day operational risks. This lack of embedded controls may result in operational risks
that may not be apparent to the enterprise. For example, the security configuration of a device may be
modified (change event) by a staffer without proper analysis of the business impact (control) of the
modification. The net result could be the introduction of exploitable security weaknesses that may not
have been apparent with this modification. The enterprise would now have to live with an inherent
operational risk that could have been avoided if the control had been embedded in the change
execution process.
Lack of operating model, roles, and responsibilities
Many enterprises moving into the cloud environment tend to lack a formal operating model for security,
or do not have strategic and tactical roles and responsibilities properly defined and operationalized.
This situation stifles the effectiveness of a security management and operational function/organization
to support security in the cloud. Simply establishing a hierarchy that includes designating an
accountable official at the top, supported by a stakeholder committee, management team, operational
staff, and third-party provider support (in that order) can help an enterprise to better manage and
control security in the cloud, and protect associated investments in accordance with enterprise
business goals. This hierarchy can be employed in an in-sourced, out-sourced, or co-sourced model
depending on the culture, norms, and risk tolerance of the enterprise.
Lack of metrics for measuring performance and risk
Another major challenge for cloud customers is the lack of defined metrics to measure security
performance and risks – a problem that also stifles executive visibility into the real security risks in the
cloud. This challenge is directly attributable to the combination of other challenges discussed above.
For example, a metric that quantitatively measures the number of exploitable security vulnerabilities on
host devices in the cloud over time can be leveraged as an indicator of risk in the host device
environment. Similarly, a metric that measures the number of user-reported security incidents over a
given period can be leveraged as a performance indicator of staff awareness and training efforts.
The challenges described above clearly highlight the need for cloud customers to establish a
framework to effectively manage and support security in cloud management, so that the pursuit of
business targets is not potentially compromised. Unless tone and expectations for cloud security are
established (via an enterprise policy) to drive operational processes and procedures with embedded
management controls, it is very difficult to determine or evaluate business value, performance,
resource effectiveness, and risks regarding security operations in the cloud. Cloud security governance
facilitates the institution of a model that helps enterprises explicitly address the challenges described
above.
Key Objectives for Cloud Security Governance
Building a cloud security governance model for an enterprise requires strategic-level security
management competencies in combination with the use of appropriate security standards and
frameworks (e.g., NIST, ISO, CSA) and the adoption of a governance framework (e.g., COBIT). The
first step is to visualize the overall governance structure, inherent components, and to direct its
effective design and implementation. The use of appropriate security standards and frameworks allows
for a minimum standard of security controls to be implemented in the cloud, while also meeting
customer and regulatory compliance obligations where applicable. A governance framework provides
referential guidance and best practices for establishing the governance model for security in the cloud.
The following are key objectives to pursue in establishing a governance model for security in
the cloud. These objectives assume that appropriate security standards and a governance framework
have been chosen based on the enterprise’s business targets, customer profile, and obligations for
protecting data and other information assets in the cloud environment.
1. Strategic Alignment
Enterprises should mandate that security investments, services, and projects in the cloud are
executed to achieve established business goals (e.g., market competitiveness, financial, or
operational performance).
2. Value Delivery
Enterprises should define, operationalize, and maintain an appropriate security
function/organization with appropriate strategic and tactical representation, and charged with the
responsibility to maximize the business value (Key Goal Indicators, ROI) from the pursuit of security
initiatives in the cloud.
3. Risk Mitigation
Security initiatives in the cloud should be subject to measurements that gauge effectiveness in
mitigating risk to the enterprise (Key Risk Indicators). These initiatives should also yield results that
progressively demonstrate a reduction in these risks over time.
4. Effective Use of Resources
It is important for enterprises to establish a practical operating model for managing and performing
security operations in the cloud, including the proper definition and operationalization of due
processes, the institution of appropriate roles and responsibilities, and use of relevant tools for
overall efficiency and effectiveness.
5. Sustained Performance
Security initiatives in the cloud should be measurable in terms of performance, value and risk to the
enterprise (Key Performance Indicators, Key Risk Indicators), and yield results that demonstrate
attainment of desired targets (Key Goal Indicators) over time.
What is virtualized security?
Virtualized security, or security virtualization, refers to security solutions that are software-based
and designed to work within a virtualized IT environment. This differs from traditional, hardware-based
network security, which is static and runs on devices such as traditional firewalls, routers, and switches.
In contrast to hardware-based security, virtualized security is flexible and dynamic. Instead of being tied
to a device, it can be deployed anywhere in the network and is often cloud-based. This is key for
virtualized networks, in which operators spin up workloads and applications dynamically; virtualized
security allows security services and functions to move around with those dynamically created
workloads.
Cloud security considerations (such as isolating multitenant environments in public cloud
environments) are also important to virtualized security. The flexibility of virtualized security is helpful
for securing hybrid and multi-cloud environments, where data and workloads migrate around a
complicated ecosystem involving multiple vendors.
What are the benefits of virtualized security?
Virtualized security is now effectively necessary to keep up with the complex security demands of a
virtualized network, plus it’s more flexible and efficient than traditional physical security. Here are some
of its specific benefits:
Cost-effectiveness: Virtualized security allows an enterprise to maintain a secure network without a
large increase in spending on expensive proprietary hardware. Pricing for cloud-based virtualized
security services is often determined by usage, which can mean additional savings for organizations
that use resources efficiently.
Flexibility: Virtualized security functions can follow workloads anywhere, which is crucial in a
virtualized environment. It provides protection across multiple data centers and in multi-cloud and
hybrid cloud environments, allowing an organization to take advantage of the full benefits of
virtualization while also keeping data secure.
Operational efficiency: Quicker and easier to deploy than hardware-based security, virtualized
security doesn’t require IT teams to set up and configure multiple hardware appliances. Instead, they
can set up security systems through centralized software, enabling rapid scaling. Using software to run
security technology also allows security tasks to be automated, freeing up additional time for IT teams.
Regulatory compliance: Traditional hardware-based security is static and unable to keep up with the
demands of a virtualized network, making virtualized security a necessity for organizations that need to
maintain regulatory compliance.
How does virtualized security work?
Virtualized security can take the functions of traditional security hardware appliances (such as firewalls
and antivirus protection) and deploy them via software. In addition, virtualized security can also perform
additional security functions. These functions are only possible due to the advantages of virtualization,
and are designed to address the specific security needs of a virtualized environment.
For example, an enterprise can insert security controls (such as encryption) between the application
layer and the underlying infrastructure, or use strategies such as micro-segmentation to reduce the
potential attack surface.
Virtualized security can be implemented as an application directly on a bare metal hypervisor (a
position it can leverage to provide effective application monitoring) or as a hosted service on a virtual
machine. In either case, it can be quickly deployed where it is most effective, unlike physical security,
which is tied to a specific device.
What are the risks of virtualized security?
The increased complexity of virtualized security can be a challenge for IT, which in turn leads to
increased risk. It’s harder to keep track of workloads and applications in a virtualized environment as
they migrate across servers, which makes it more difficult to monitor security policies and
configurations.
It’s important to note, however, that many of these risks are already present in a virtualized
environment, whether security services are virtualized or not. Following enterprise security best
practices (such as spinning down virtual machines when they are no longer needed and using
automation to keep security policies up to date) can help mitigate such risks.
How is physical security different from virtualized security?
Traditional physical security is hardware-based, and as a result, it’s inflexible and static. The traditional
approach depends on devices deployed at strategic points across a network and is often focused on
protecting the network perimeter (as with a traditional firewall). However, the perimeter of a virtualized,
cloud-based network is necessarily porous and workloads and applications are dynamically created,
increasing the potential attack surface.
Traditional security also relies heavily upon port and protocol filtering, an approach that’s ineffective in
a virtualized environment where addresses and ports are assigned dynamically. In such an
environment, traditional hardware-based security is not enough; a cloud-based network requires
virtualized security that can move around the network along with workloads and applications.
What are the different types of virtualized security?
There are many features and types of virtualized security, encompassing network security, application
security, and cloud security. Some virtualized security technologies are essentially updated, virtualized
versions of traditional security technology. Others are innovative new technologies that are built into
the very fabric of the virtualized network.
Some common types of virtualized security features include:
• Segmentation, or making specific resources available only to specific applications and users. This
typically takes the form of controlling traffic between different network segments or tiers.
• Micro-segmentation, or applying specific security policies at the workload level to create granular
secure zones and limit an attacker’s ability to move through the network. Micro-segmentation divides a
data center into segments and allows IT teams to define security controls for each segment
individually, bolstering the data center’s resistance to attack.
• Isolation, or separating independent workloads and applications on the same network. This is
particularly important in a multitenant public cloud environment, and can also be used to isolate virtual
networks from the underlying physical infrastructure, protecting the infrastructure from attack.
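The segmentation, micro-segmentation and isolation features above all come down to a policy decision made per workload rather than per device. The following is an added example written for these notes, not code from any vendor's product: a minimal policy engine in which workloads carry tier and tenant labels, traffic is allowed only between the tiers listed in the policy, cross-tenant traffic is always denied (isolation), and everything else is denied by default. The inventory, policy and sample flows are constructed.

```python
"""Added example (not from the lecture notes): a toy workload-level
micro-segmentation policy engine. Inventory, policy and flows are constructed."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    tier: str     # constructed tiers: "web", "app", "db"
    tenant: str   # the application/tenant the workload belongs to


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int


# Constructed inventory; in a real deployment this comes from the orchestrator.
WORKLOADS = [
    Workload("web-1", "10.0.1.10", "web", "shop"),
    Workload("app-1", "10.0.2.10", "app", "shop"),
    Workload("db-1", "10.0.3.10", "db", "shop"),
    Workload("app-2", "10.0.2.20", "app", "hr"),
    Workload("db-2", "10.0.3.20", "db", "hr"),
]

# Segmentation policy: (source tier, destination tier) -> allowed destination ports.
# Anything not listed is denied (default deny); tiers only talk within one tenant.
POLICY = {
    ("web", "app"): {8080},
    ("app", "db"): {5432},
}


def lookup(ip):
    """Map an address to its workload labels; None for anything not in inventory."""
    for w in WORKLOADS:
        if w.ip == ip:
            return w
    return None


def evaluate(flow):
    """Return (decision, reason). Decisions depend on labels, not addresses, so
    they still hold when a workload is migrated and gets a new address."""
    src, dst = lookup(flow.src_ip), lookup(flow.dst_ip)
    if src is None or dst is None:
        return "deny", "unknown workload"
    if src.tenant != dst.tenant:
        return "deny", f"cross-tenant {src.tenant}->{dst.tenant}"
    allowed_ports = POLICY.get((src.tier, dst.tier))
    if allowed_ports is None:
        return "deny", f"no policy for {src.tier}->{dst.tier}"
    if flow.dst_port not in allowed_ports:
        return "deny", f"port {flow.dst_port} not allowed {src.tier}->{dst.tier}"
    return "allow", f"{src.tier}->{dst.tier}:{flow.dst_port}"


# Constructed observed flows: two legitimate, four that segmentation should stop.
SAMPLE_FLOWS = [
    Flow("10.0.1.10", "10.0.2.10", 8080),   # web-1 -> app-1, allowed
    Flow("10.0.2.10", "10.0.3.10", 5432),   # app-1 -> db-1, allowed
    Flow("10.0.1.10", "10.0.3.10", 5432),   # web tier talking straight to the db tier
    Flow("10.0.2.10", "10.0.3.20", 5432),   # shop app reaching the hr database
    Flow("10.0.2.10", "10.0.3.10", 22),     # right tiers, wrong port
    Flow("10.0.9.9", "10.0.3.10", 5432),    # address not in inventory
]


def audit(flows=SAMPLE_FLOWS):
    """Evaluate a batch of flows; returns (flow, decision, reason) triples."""
    return [(f, *evaluate(f)) for f in flows]


def denied_flows(flows=SAMPLE_FLOWS):
    """Denied flows are the ones a defender wants surfaced as possible lateral movement."""
    return [(f, reason) for f, decision, reason in audit(flows) if decision == "deny"]


if __name__ == "__main__":
    for f, decision, reason in audit():
        print(f"{decision:5s} {f.src_ip}->{f.dst_ip}:{f.dst_port}  ({reason})")
```

The policy table is what an IT team defines per segment; the engine is what the virtualized security layer runs alongside each workload, and its deny log is the monitoring signal the "risks of virtualized security" section says is otherwise hard to obtain.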
SECURITY: In the computer industry, the term security, or the phrase computer security, refers
to techniques for ensuring that data stored in a computer cannot be read or compromised by any
individuals without authorization. Most computer security measures involve data encryption and
passwords.
• Data encryption is the translation of data into a form that is unreadable without a deciphering
mechanism.
• A password is a secret word or phrase that gives a user access to a particular program or system.
CLOUD COMPUTING SECURITY CHALLENGES:-
• Cloud computing opens up a new world of opportunities for businesses, but mixed in with these
opportunities are numerous security challenges that need to be considered and addressed
prior to committing to a cloud computing strategy.
• Cloud computing security challenges fall into three broad categories:
  • Data Protection: securing your data both at rest and in transit
  • User Authentication: limiting access to data and monitoring who accesses the data
  • Disaster and Data Breach Contingency Planning
1. Data Protection
• Implementing a cloud computing strategy means placing critical data in the hands of a third
party, so ensuring the data remains secure both at rest (data residing on storage media) as
well as when in transit is of paramount importance.
• Data needs to be encrypted at all times, with clearly defined roles when it comes to who will be
managing the encryption keys.
• In most cases, the only way to truly ensure confidentiality of encrypted data that resides on a
cloud provider's storage servers is for the client to own and manage the data encryption keys.
2. User Authentication
• Data resting in the cloud needs to be accessible only by those authorized to do so, making it
critical to both restrict and monitor who will be accessing the company's data through the
cloud.
• In order to ensure the integrity of user authentication, companies need to be able to view data
access logs and audit trails to verify that only authorized users are accessing the data.
• These access logs and audit trails additionally need to be secured and maintained for as long as
the company needs or legal purposes require.
• As with all cloud computing security challenges, it's the responsibility of the customer to ensure
that the cloud provider has taken all necessary security measures to protect the customer's
data and the access to that data.
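Two of the points above, reviewing access logs to verify that only authorized users touched the data and keeping those logs themselves secured, can be shown together. The following is an added example for these notes, not part of any cloud provider's logging service: each log entry carries an HMAC over the previous entry's MAC and its own fields (a hash chain keyed with a customer-held key), so editing or deleting an entry is detectable, and a review pass compares every entry against a per-object access list. The key, the ACL, the user names and the log events are all constructed.

```python
"""Added example (not from the lecture notes): a keyed hash-chained access log
plus an authorization review over it. Key, ACL and events are constructed."""

import hashlib
import hmac
import json

# Constructed placeholder key; in practice held by the customer, not the provider.
LOG_KEY = b"constructed-demo-key-not-for-real-use"

# Constructed data-access ACL: object -> users authorized to read it.
ACL = {
    "payroll.csv": {"alice", "bob"},
    "customers.db": {"alice", "carol"},
}

GENESIS = "0" * 64   # MAC value assumed for "the entry before the first one"


def _entry_mac(prev_mac, record):
    """HMAC over (previous MAC || canonical JSON of the record). Each entry thereby
    commits to the whole chain before it, so editing or deleting an earlier entry
    invalidates every MAC after it."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(LOG_KEY, prev_mac.encode() + canonical, hashlib.sha256).hexdigest()


def append(log, record):
    """Append a record (dict of plain fields) to the chained log."""
    prev = log[-1]["mac"] if log else GENESIS
    entry = dict(record, mac=_entry_mac(prev, record))
    log.append(entry)
    return entry


def verify_chain(log):
    """Return the index of the first entry whose MAC does not verify, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        record = {k: v for k, v in entry.items() if k != "mac"}
        if not hmac.compare_digest(entry["mac"], _entry_mac(prev, record)):
            return i
        prev = entry["mac"]
    return -1


def unauthorized_accesses(log, acl=ACL):
    """Entries whose user is not on the object's ACL: what an audit should surface."""
    return [e for e in log if e["user"] not in acl.get(e["object"], set())]


def build_sample_log():
    """Constructed access events (timestamps and names are made up)."""
    events = [
        {"ts": "2021-12-07T10:00:00Z", "user": "alice", "action": "read", "object": "payroll.csv"},
        {"ts": "2021-12-07T10:05:00Z", "user": "bob", "action": "read", "object": "payroll.csv"},
        {"ts": "2021-12-07T10:09:00Z", "user": "dave", "action": "read", "object": "customers.db"},
        {"ts": "2021-12-07T10:12:00Z", "user": "carol", "action": "read", "object": "customers.db"},
    ]
    log = []
    for ev in events:
        append(log, ev)
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("chain intact:", verify_chain(log) == -1)
    for e in unauthorized_accesses(log):
        print("ALERT unauthorized access:", e["user"], "->", e["object"], "at", e["ts"])
    log[2]["user"] = "alice"   # someone rewrites the entry to hide dave's access
    print("first entry that fails verification:", verify_chain(log))
```

Because the MAC key is the customer's, a provider (or an insider with write access to the log store) can alter or drop entries but cannot produce MACs that verify, which is what "secured and maintained" has to mean for an audit trail to be usable as evidence.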
3. Contingency Planning
• With the cloud serving as a single centralized repository for a company's mission-critical data,
the risks of having that data compromised due to a data breach or temporarily made
unavailable due to a natural disaster are real concerns.
• Much of the liability for the disruption of data in a cloud ultimately rests with the company
whose mission-critical operations depend on that data, although liability can and should be
negotiated in a contract with the services provider prior to commitment.
• A comprehensive security assessment from a neutral third party is strongly recommended as well.
• Companies need to know how their data is being secured and what measures the service
provider will be taking to ensure the integrity and availability of that data should the unexpected
occur.
• Additionally, companies should also have contingency plans in place in the event their cloud
provider fails or goes bankrupt.
• Can the data be easily retrieved and migrated to a new service provider or to a non-cloud
strategy if this happens? And what happens to the data and the ability to access that data if the
provider gets acquired by another company?
SECURITY ISSUES
In the Software as a Service (SaaS) model, the client depends on the service provider for
proper security measures of the system. The service provider must ensure that its multiple users
don't get to see each other's private data. So it becomes important for the user to ensure that the right
security measures are in place, and it is also difficult to get an assurance that the application will be
available when needed. Cloud computing providers need to provide solutions to the
common security challenges that traditional communication systems face. At the same time, they also
have to deal with other issues inherently introduced by the cloud computing paradigm itself.
A. Authentication and authorization: The authorization and authentication applications used in
enterprise environments need to be changed so that they can work with a safe cloud
environment. Forensics tasks will become much more difficult, since it will be very hard or maybe
not possible for investigators to access the system hardware physically.
B. Data confidentiality: Confidentiality may refer to the prevention of unintentional or intentional
unauthorized disclosure or distribution of secured private information. Confidentiality is closely
related to the areas of encryption, intellectual property rights, traffic analysis, covert channels,
and inference in cloud systems. Whenever a business, an individual, a government agency, or
any other entity wants to share information over the cloud, confidentiality or privacy is a question
that needs to be asked.
C. Availability: Availability ensures reliable and timely access to cloud data or cloud
computing resources by the appropriate personnel. Availability is one of the big concerns of
cloud service providers, since if the cloud service is disrupted or compromised in any way, it
affects a larger number of customers than in the traditional model.
D. Information Security: In the SaaS model, the data of the enterprise is stored outside the
enterprise boundary, at the SaaS vendor's premises. Consequently, the SaaS vendor
needs to adopt additional security features to ensure data security and prevent breaches due to
security vulnerabilities in the application or by malicious employees. This will need the use of
very strong encryption techniques for data security and highly competent authorization to control
access to private data.
E. Data Access: The data access issue is mainly related to the security policies provided to users while
accessing the data. Organizations have their own security policies based on which each
employee can have access to a particular set of data. These security policies must be adhered to
by the cloud to avoid intrusion of data by unauthorized users. The SaaS model must be flexible
enough to incorporate the specific policies put forward by the organization.
F. Network Security: In a SaaS deployment model, highly sensitive information is obtained from
the various enterprises, then processed by the SaaS application and stored at the SaaS
vendor's premises. All data flow over the network has to be secured in order to prevent leakage
of sensitive information.
G. Data breaches: Since data from various users and business organizations lie together in a cloud
environment, breaching into this environment will potentially make the data of all the users
vulnerable. Thus, the cloud becomes a high-potential target.
H. Identity management and sign-on process: Identity management (IdM) or ID management is an
area that deals with identifying individuals in a system and controlling the access to the resources
in that system by placing restrictions on the established identities. The area of IdM is considered
one of the biggest challenges in information security. When a SaaS provider wants to know how to
control who has access to what systems within the enterprise, it becomes a much more challenging task.
SaaS Application Security:
• The SaaS model dictates that the provider manages the entire suite of applications delivered to
users.
• Therefore, SaaS providers are largely responsible for securing the applications and components
they offer to customers.
• Customers are usually responsible for operational security functions, including user and access
management as supported by the provider.
• It is a common practice for prospective customers, usually under an NDA, to request information
related to the provider’s security practices.
• This information should encompass:
  • Design
  • Architecture
  • Development
  • Black- and white-box application security testing, and
  • Release management.
• Some customers go to the extent of hiring independent security vendors to perform penetration
testing (black-box security testing) of SaaS applications (with consent from the provider) to gain
assurance independently.
• However, penetration testing can be costly and not all providers agree to this type of verification.
• Extra attention needs to be paid to the authentication and access control features offered by
SaaS CSPs. Usually that is the only security control available to manage risk to information.
• Example: the web-based administration user interface of Google Docs.
• Additional controls should be implemented to manage privileged access to the SaaS
administration tool, and enforce segregation of duties to protect the application from insider
threats. In line with standard security practices, customers should implement a strong password
policy—one that forces users to choose strong passwords when authenticating to an application.
• It is a common practice for SaaS providers to commingle their customer data (structured and
unstructured) in a single virtual data store and rely on data tagging to enforce isolation between
customer data.
• In that multi-tenant data store model, where encryption may not be feasible due to key
management and other design barriers, data is tagged and stored with a unique customer
identifier.
• So customers should understand the virtual data store architecture and the preventive
mechanisms the SaaS providers use to guarantee the compartmentalization and isolation
required in a virtual multi-tenant environment.
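In the commingled data store described above, isolation is only as good as the discipline of putting the customer tag into every query. The following is an added example for these notes, not code from any SaaS provider: a single table holds rows tagged with a tenant_id, one lookup omits the tag (so any tenant that knows a record id can read another tenant's row), the hardened lookup scopes every predicate to the authenticated tenant, and a self-check walks all tenant/id pairs to confirm nothing leaks. The schema, tenant names and rows are constructed; the tenant_id is assumed to come from the authenticated session, never from the request.

```python
"""Added example (not from the lecture notes): tenant-tagged rows in one
commingled store, an unscoped lookup beside the scoped one, and an isolation
self-check. Schema and data are constructed."""

import sqlite3


def setup():
    """Create an in-memory store holding two tenants' documents in one table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents ("
        " id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, title TEXT, body TEXT)"
    )
    conn.executemany(
        "INSERT INTO documents (id, tenant_id, title, body) VALUES (?, ?, ?, ?)",
        [
            (1, "acme", "Q4 plan", "acme internal"),
            (2, "acme", "Payroll", "acme salaries"),
            (3, "globex", "Merger", "globex secret"),
        ],
    )
    return conn


def get_document_insecure(conn, doc_id):
    """Looks up by id only: the customer tag is not part of the predicate, so a
    tenant that guesses another tenant's id reads that tenant's row."""
    return conn.execute(
        "SELECT id, tenant_id, title, body FROM documents WHERE id = ?", (doc_id,)
    ).fetchone()


def get_document(conn, tenant_id, doc_id):
    """tenant_id (from the authenticated session, not the request) is part of every
    predicate, so another tenant's row is indistinguishable from a missing one."""
    return conn.execute(
        "SELECT id, tenant_id, title, body FROM documents WHERE id = ? AND tenant_id = ?",
        (doc_id, tenant_id),
    ).fetchone()


def list_documents(conn, tenant_id):
    """Listing is scoped the same way; ids of other tenants never appear."""
    rows = conn.execute(
        "SELECT id FROM documents WHERE tenant_id = ? ORDER BY id", (tenant_id,)
    )
    return [r[0] for r in rows]


def isolation_check(conn):
    """Self-test a provider could run: for every tenant and every id in the store,
    the scoped lookup must never return a row tagged with a different tenant."""
    tenants = [r[0] for r in conn.execute("SELECT DISTINCT tenant_id FROM documents")]
    ids = [r[0] for r in conn.execute("SELECT id FROM documents")]
    leaks = []
    for tenant in tenants:
        for doc_id in ids:
            row = get_document(conn, tenant, doc_id)
            if row is not None and row[1] != tenant:
                leaks.append((tenant, doc_id))
    return leaks


if __name__ == "__main__":
    conn = setup()
    print("unscoped lookup of id 3 by anyone:", get_document_insecure(conn, 3))
    print("scoped lookup of id 3 as acme:", get_document(conn, "acme", 3))
    print("acme's documents:", list_documents(conn, "acme"))
    print("isolation leaks:", isolation_check(conn))
```

The scoped variant is the "preventive mechanism" a customer should ask the provider about; the self-check is the kind of evidence that a black-box test of the web application cannot give on its own.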
WHAT IS IDENTITY AND ACCESS MANAGEMENT?
According to Gartner, Identity and Access Management (IAM) is the security discipline that enables the
right individuals to access the right resources at the right times for the right reasons. IAM addresses the
mission-critical need to ensure appropriate access to resources across increasingly heterogeneous
technology environments.
Enterprises traditionally used on-premises IAM software to manage identity and access policies, but
nowadays, as companies add more cloud services to their environments, the process of managing
identities is getting more complex. Therefore, adopting cloud-based Identity-as-a-Service (IDaaS) and
cloud IAM solutions becomes a logical step.
WHAT DOES CLOUD IDENTITY AND ACCESS MANAGEMENT INCLUDE?
Cloud IAM typically includes the following features:
• Single Access Control Interface. Cloud IAM solutions provide a clean and consistent access
control interface for all cloud platform services. The same interface can be used for all cloud
services.
• Enhanced Security. You can define increased security for critical applications.
• Resource-level Access Control. You can define roles and grant permissions to users to access
resources at different granularity levels.
WHY DO YOU NEED IDENTITY AND ACCESS MANAGEMENT?
Identity and Access Management technology can be used to initiate, capture, record, and manage user
identities and their access permissions. All users are authenticated, authorized, and evaluated
according to policies and roles.
Poorly controlled IAM processes may lead to regulatory non-compliance; if the organization is audited,
management may not be able to prove that company data is not at risk of being misused.
HOW CAN CLOUD IAM HELP YOU?
It can be difficult for a company to start using cloud Identity and Access Management solutions
because they don’t directly increase profitability, and it is hard for a company to cede control over
infrastructure. However, there are several perks that make using an IAM solution very valuable, such
as the following:
• The ability to spend less on enterprise security by relying on the centralized trust model to deal
with Identity Management across third-party and in-house applications.
• It enables your users to work from any location and any device.
• You can give them access to all your applications using just one set of credentials through
Single Sign-On.
• You can protect your sensitive data and apps: add extra layers of security to your mission-critical
apps using Multifactor Authentication.
• It helps maintain compliance of processes and procedures. A typical problem is that permissions
are granted based on employees’ needs and tasks, and not revoked when they are no longer
necessary, thus creating users with lots of unnecessary privileges.
AUTH0 AS YOUR CLOUD IAM SOLUTION
Auth0 can authenticate your users with any identity provider running on any stack, any device or cloud.
It provides Single Sign-On, Multifactor Authentication, Social Login, and several more features.
In terms of authorization, you can use the power of the rule engine to define coarse-grained
authorization — that is, rules that dictate who can log in (for example: at what times, from which
locations and devices, and so on).
Auth0 also has a group memberships feature that can be exposed to the application (for example:
group memberships in Active Directory, in Azure Active Directory, in the user’s metadata, and so on);
based on that, you can do more fine-grained authorization (where only users in a particular group can
access some applications).
As organizations adopt more cloud services, security professionals face some new and interesting
issues. One of the more pressing problems is the rapid proliferation of various identities associated with
cloud service environments. Simply put, the more cloud services that are used, the more identities that
need provisioning within these environments.
Identity and access management (IAM) in cloud environments can be problematic for tracking,
monitoring and controlling accounts. Here, learn more about these problems and how to address them
in an enterprise cloud environment.
Common cloud IAM challenges
In addition to standard identity management issues plaguing enterprises today, such as user password
fatigue and managing a distributed workforce, there are several cloud-specific challenges enterprises
face, including the following:
• improper service and user provisioning and deprovisioning -- for example, companies not
deprovisioning former employees' SaaS accounts;
• zombie SaaS accounts -- inactive assigned users;
• too many admin accounts; and
• users bypassing enterprise IAM controls.
What these issues illustrate is a lack of control over the account life cycle that many SaaS scenarios
present. But account management and life cycle maintenance aren't the only issues when it comes to
IAM in cloud settings -- the creation of roles and management of privileges within all types of cloud
environments can also be challenging.
For large organizations that may have hundreds or even thousands of defined roles across numerous
accounts, just gathering an inventory of the role assignments can be a huge undertaking.
For example, one case study on the impact of cloud IAM by the security research team at Rhino
Security Labs found a large number of incredibly common privilege escalation techniques in AWS in
early 2018 that took advantage of poorly defined roles and privilege models. Fortunately, the research
team at Rhino created a free tool that can remotely pull an inventory of all users with a breakdown of
possible privilege escalation susceptibility.
Best practices for meeting IAM challenges in the cloud
To combat cloud IAM challenges, organizations need to develop a governance strategy for identities.
While some may have enterprise IAM strategies in place internally, they will likely need to be adapted
for cloud environments. For all actual human users, accounts should be directly linked to central
directory services, such as Active Directory, which facilitate the provisioning, auditing and
deprovisioning of accounts from a central store.
All SaaS applications should require the use of single sign-on linked to this central directory with
federation technology. For PaaS and IaaS environments, identity governance can be somewhat trickier
as all assets -- servers, serverless code, storage nodes and so on -- can have roles and privileges
assigned to them. Some of these identities -- whether simple users and groups or more complex role
assignments -- may not easily align with a central directory store. As such, DevOps teams may find it
easier to use cloud-native tools to manage accounts and identities in some scenarios.
There are several aspects of identity governance to focus on in these cases, including the following:
• Enterprises should develop internal standards and account creation practices that govern how
DevOps and other teams integrate identities and privilege models into cloud deployments. This
should include account rationale, authentication and authorization methods and controls, and life
cycle parameters.
• Companies should use cloud-native or third-party tools to regularly pull lists of users, groups, roles
and privilege assignments from cloud service environments. PowerShell for Azure and AWS
Command Line Interface can collect this type of data, which will still need to be sorted, stored and
analyzed by security admins.
• Organizations must ensure logging and event monitoring mechanisms focus on all IAM activity in
cloud provider environments and then monitor for any unusual activity or unauthorized changes.
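The sorting and analysis that the second bullet leaves to security admins, and the account life-cycle challenges listed earlier (former employees not deprovisioned, zombie accounts, too many admins, users bypassing enterprise IAM), as an added Python example that is not part of the notes. The inventory is constructed in the shape a script would produce after flattening a SaaS admin API or `aws iam list-users` output; the staff list, the 90-day and 3-admin thresholds, the audit date and the reading of "bypassing IAM" as a non-federated login are all assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed inventory: one record per account with last login, whether the
# account holds admin rights, and whether it signs in through the SSO federation.
INVENTORY = [
    {"user": "alice@example.com", "last_login": "2021-11-30", "admin": True,  "federated": True},
    {"user": "bob@example.com",   "last_login": "2021-06-01", "admin": False, "federated": True},
    {"user": "carol@example.com", "last_login": "2021-12-01", "admin": True,  "federated": True},
    {"user": "dave@example.com",  "last_login": "2021-12-02", "admin": True,  "federated": False},
    {"user": "erin@example.com",  "last_login": "2021-11-20", "admin": False, "federated": True},
    {"user": "frank@example.com", "last_login": None,         "admin": True,  "federated": True},
]

# Constructed current-staff list from the central directory; erin has left.
CURRENT_STAFF = {
    "alice@example.com", "bob@example.com", "carol@example.com",
    "dave@example.com", "frank@example.com",
}


@dataclass(frozen=True)
class Finding:
    user: str
    issue: str


def audit_inventory(inventory, current_staff, as_of, inactive_days=90, max_admins=3):
    """Return one Finding per issue. Thresholds are assumptions for the example."""
    findings = []
    admins = []
    for acct in inventory:
        user = acct["user"]
        # Deprovisioning gap: the account exists but the person is no longer staff.
        if user not in current_staff:
            findings.append(Finding(user, "not-deprovisioned"))
        # Zombie account: assigned but not used within the inactivity window.
        last = acct.get("last_login")
        if last is None:
            findings.append(Finding(user, "never-logged-in"))
        elif as_of - date.fromisoformat(last) > timedelta(days=inactive_days):
            findings.append(Finding(user, "zombie"))
        # Bypassing enterprise IAM: a local credential instead of the SSO link.
        if not acct.get("federated", False):
            findings.append(Finding(user, "not-federated"))
        if acct.get("admin"):
            admins.append(user)
    # Too many admin accounts across the whole tenant.
    if len(admins) > max_admins:
        findings.append(Finding(";".join(sorted(admins)), f"too-many-admins:{len(admins)}"))
    return findings


def summarize(findings):
    """Issue -> count, for a one-line dashboard summary."""
    counts = {}
    for f in findings:
        key = f.issue.split(":")[0]
        counts[key] = counts.get(key, 0) + 1
    return counts


def audit_sample(as_of_iso="2021-12-07"):
    """Run the audit over the constructed inventory as of the given date."""
    return audit_inventory(INVENTORY, CURRENT_STAFF, date.fromisoformat(as_of_iso))


if __name__ == "__main__":
    results = audit_sample()
    for f in results:
        print(f"{f.issue:22} {f.user}")
    print(summarize(results))
```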
Developing a governance plan for cloud IAM can be a tedious and lengthy process, but there are
significant risks involved if enterprises don't. Also, don't forget to involve all relevant stakeholders as
this can get political quickly.
Security Governance
An organisation’s board is responsible (and accountable to shareholders, regulators and customers) for
the framework of standards, processes and activities that, together, make sure the organisation
benefits securely from Cloud Computing.
We are the leading provider of information, books, products and services that help boards develop,
implement and maintain a Cloud governance framework.
Trust boundaries in the Cloud
Organisations are responsible for their own information. The nature of Cloud computing means that at
some point the organisation will rely on a third party for some element of the security of its data. The
point at which the responsibility passes from your organisation to your supplier is called the ‘trust
boundary’ and it occurs at a different point for Infrastructure as a Service (IaaS), Platform as a Service
(PaaS) and Software as a Service (SaaS). Organisations need to satisfy themselves of the security and
resilience of their Cloud service providers. They also need to observe their Data Protection Act 1998
(DPA) – and, from May 2018, General Data Protection Regulation (GDPR) – obligations.
Cloud Controls Matrix
The Cloud Security Alliance (CSA) developed and maintains the Cloud Controls Matrix, a set of
additional information security controls designed specifically for Cloud service providers (CSPs), and
against which customers can carry out a security audit. BSI and the CSA have collaborated to offer a
certification scheme (designed as an extension to ISO 27001) against which CSPs can achieve
independent certification.
Cloud security certification
The CSA offers an open Cloud security certification process: STAR (Security, Trust and Assurance
Registry). This scheme starts with self-assessment and progresses through process maturity to an
externally certified maturity scheme, supported by an open registry of information about certified
organisations.
Continuity and resilience in the Cloud
Cloud service providers are as likely to suffer operational outages as any other organisation. Physical
infrastructure can also be negatively affected. Buyers of Cloud services should satisfy themselves that
their CSPs are adequately resilient against operational risks. ISO 22301 is an appropriate business
continuity standard.
Data protection in the Cloud
UK organisations that store personal data in the Cloud or that use a CSP must comply with the DPA.
In addition, since the GDPR came into effect on 25 May 2018, data processors as well as data
controllers are accountable for the security of the personal data they process.
CSPs and organisations that use them will need to implement appropriate technical and organisational
measures to make sure that processing meets the GDPR’s requirements and protects the rights of data
subjects.
G-Cloud framework
The UK government’s G-Cloud framework makes it faster and cheaper for the public sector to buy
Cloud services. Suppliers are approved by the Crown Commercial Service (CCS) via the G-Cloud
application process, which eliminates the need for them to go through a full tender process for each
buyer.
Suppliers can sell Cloud services via an online catalogue called the Digital Marketplace under three
categories, or ‘lots’:
• Cloud hosting – Cloud platform or infrastructure services.
• Cloud software – applications that are accessed over the Internet and hosted in the Cloud.
• Cloud support – services to help buyers set up and maintain their Cloud services.
IT Governance G-Cloud consultancy services
IT Governance has been approved to provide six cyber security services via the Digital Marketplace for
Cloud support:
• Cyber Health Check
• Cyber Security Audit Review
• Cyber Incident Response Management
• SOC 2 Audit Readiness Assessment and Remediation
• Technical Cyber Assurance
• Cloud Security Compliance Readiness Assessment and Remediation
 

Último (20)

young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptx
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptx
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
 
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
An introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxAn introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptx
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitter8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitter
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
 
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 

Cloud Computing Resource and Security Management

  • 2. Cloud Computing (KCS713) (UNIT – IV) Resource Management And Security In Cloud Inter Cloud Resource Management The cloud computing environment shares a variety of hardware and software resources. The inter cloud is a cloud of clouds constructed to support resource sharing between the clouds. The resources under the inter cloud environment are managed in distributed model without any central authority. The inter cloud communication and resource identification is a complex task. The inter cloud resource management services are build to perform resource discovery, match, select, composition, negotiate, schedule and monitor operations. Resource Provisioning Cloud provisioning is the allocation of resources and services from a cloud provider to a client. The growing catalog of cloud services that customers can provide includes infrastructure as a service, software as a service, and platform as a service, in public or private cloud environments. Provisioning is the process of configuring the IT infrastructure. It can also refer to the steps necessary to manage access to data and resources and make them available to users and systems. Once something has been provisioned, the next step is configuration. In cloud computing, a resource provisioning mechanism is required to supply cloud consumers a set of computing resources for processing the jobs and storing the data. Cloud providers can offer cloud consumers two resource provisioning plans, namely short-term on-demand and long-term reservation plans. Efficient resource provision which can guarantee the satisfactory cloud computing services to the end user, lays the foundation for the success of commercial competition. Resource provisioning is the allocation of a cloud provider's resources to a customer. When a cloud provider accepts a request from a customer, it must create the appropriate number of virtual machines (VMs) and allocate resources to support them. The process is conducted in several different ways: 1. 
Advance provisioning : With advance provisioning, the customer contracts with the provider for services and the provider prepares the appropriate resources in advance of start of service. The customer is charged a flat fee or is billed on a monthly basis.
  • 3. 2. Dynamic provisioning : With dynamic provisioning, the provider allocates more resources as they are needed and removes them when they are not. The customer is billed on a pay-per-use basis. When dynamic provisioning is used to create a hybrid cloud, it is sometimes referred to as cloud bursting. 3. User self-provisioning :With user self-provisioning (also known as cloud self-service), the customer purchases resources from the cloud provider through a web form, creating a customer account and paying for resources with a credit card. The provider's resources are available for customer use within hours, if not minutes. Global Exchange of Cloud Resources Global Cloud Xchange (GCX) offers network services which power digital transformation for enterprises, new media providers, and telecoms carriers. We cover all aspects of cloud-centric connectivity from managed SD-WAN and hybrid networks, to direct Cloud connections and 100 Gbps+ waves. With a pedigree going back 30+ years, GCX are experts in providing connectivity throughout the Emerging Markets Corridor into Asia via the vast GCX subsea network (the world’s largest private submarine cable network), with extensions available into more than 200 countries worldwide. Why Cloud Security Governance Is Needed Enterprises are increasingly pursuing the business advantages of migrating technology platforms and services into the cloud environment leveraging one or more of the three main cloud service areas – Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). These advantages include but are not limited to rapid information system deployment, significantly reduced operating costs, massive economies of scale, processing speed, and agility. However, subscription to these services often imply security and compliance challenges for enterprises who are often unprepared to resolve them. 
Data breaches, system vulnerabilities, insufficient identity, and credential and access management are some of the typical security challenges in the cloud environment that subscriber enterprises must address. In some situations, an enterprise may lack adequate operationalization and enforcement of policies, procedures, a formal operating model, or even a properly constituted organizational function to effectively manage security in the cloud. In other situations, the enterprise may also not sufficiently exercise its responsibility to protect data in the cloud or may lack the means for senior management visibility into cloud security performance and risks. These issues may prevail even when an enterprise stands to gain significant business benefits from transforming its service delivery model via the use of cloud computing platforms. The underlying business problem leading to these challenges is the lack of effective governance of cloud security. In this blog, I explore cloud security governance, common challenges, and review key targets that can help enterprises optimize the business benefits of cloud security programs.
  • 4. What Is Cloud Security Governance? Cloud security governance refers to the management model that facilitates effective and efficient security management and operations in the cloud environment so that an enterprise’s business targets are achieved. This model incorporates a hierarchy of executive mandates, performance expectations, operational practices, structures, and metrics that, when implemented, result in the optimization of business value for an enterprise. Cloud security governance helps answer leadership questions such as: Are our security investments yielding the desired returns? Do we know our security risks and their business impact? Are we progressively reducing security risks to acceptable levels? Have we established a security-conscious culture within the enterprise? Strategic alignment, value delivery, risk mitigation, effective use of resources, and performance measurement are key objectives of any IT-related governance model, security included. To successfully pursue and achieve these objectives, it is important to understand the operational culture and business and customer profiles of an enterprise, so that an effective security governance model can be customized for the enterprise. Cloud Security Governance Challenges Whether developing a governance model from the start or having to retrofit one on existing investments in cloud, these are some of the common challenges: Lack of senior management participation and buy-in The lack of a senior management influenced and endorsed security policy is one of the common challenges facing cloud customers. An enterprise security policy is intended to set the executive tone, principles and expectations for security management and operations in the cloud. However, many enterprises tend to author security policies that are often laden with tactical content, and lack executive input or influence. 
The result of this situation is the ineffective definition and communication of executive tone and expectations for security in the cloud. To resolve this challenge, it is essential to engage enterprise executives in the discussion and definition of tone and expectations for security that will feed a formal enterprise security policy. It is also essential for the executives to take full accountability for the policy, communicating inherent provisions to the enterprise, and subsequently enforcing compliance Lack of embedded management operational controls Another common cloud security governance challenge is lack of embedded management controls into cloud security operational processes and procedures. Controls are often interpreted as an auditor’s checklist or repackaged as procedures, and as a result, are not effectively embedded into security operational processes and procedures as they should be, for purposes of optimizing value and reducing day-to-day operational risks. This lack of embedded controls may result in operational risks
  • 5. that may not be apparent to the enterprise. For example, the security configuration of a device may be modified (change event) by a staffer without proper analysis of the business impact (control) of the modification. The net result could be the introduction of exploitable security weaknesses that may not have been apparent with this modification. The enterprise would now have to live with an inherent operational risk that could have been avoided if the control had been embedded in the change execution process. Lack of operating model, roles, and responsibilities Many enterprises moving into the cloud environment tend to lack a formal operating model for security, or do not have strategic and tactical roles and responsibilities properly defined and operationalized. This situation stifles the effectiveness of a security management and operational function/organization to support security in the cloud. Simply, establishing a hierarchy that includes designating an accountable official at the top, supported by a stakeholder committee, management team, operational staff, and third-party provider support (in that order) can help an enterprise to better manage and control security in the cloud, and protect associated investments in accordance with enterprise business goals. This hierarchy can be employed in an in-sourced, out-sourced, or co-sourced model depending on the culture, norms, and risk tolerance of the enterprise. Lack of metrics for measuring performance and risk Another major challenge for cloud customers is the lack of defined metrics to measure security performance and risks – a problem that also stifles executive visibility into the real security risks in the cloud. This challenge is directly attributable to the combination of other challenges discussed above. 
For example, a metric that quantitatively measures the number of exploitable security vulnerabilities on host devices in the cloud over time can be leveraged as an indicator of risk in the host device environment. Similarly, a metric that measures the number of user-reported security incidents over a given period can be leveraged as a performance indicator of staff awareness and training efforts. The challenges described above clearly highlight the need for cloud customers to establish a framework to effectively manage and support security in cloud management, so that the pursuit of business targets are not potentially compromised. Unless tone and expectations for cloud security are established (via an enterprise policy) to drive operational processes and procedures with embedded management controls, it is very difficult to determine or evaluate business value, performance, resource effectiveness, and risks regarding security operations in the cloud. Cloud security governance facilitates the institution of a model that helps enterprises explicitly address the challenges described above. Key Objectives for Cloud Security Governance Building a cloud security governance model for an enterprise requires strategic-level security management competencies in combination with the use of appropriate security standards and frameworks (e.g., NIST, ISO, CSA) and the adoption of a governance framework (e.g., COBIT). The first step is to visualize the overall governance structure, inherent components, and to direct its effective design and implementation. The use of appropriate security standards and frameworks allow
  • 6. for a minimum standard of security controls to be implemented in the cloud, while also meeting customer and regulatory compliance obligations where applicable. A governance framework provides referential guidance and best practices for establishing the governance model for security in the cloud. The following represents key objectives to pursue in establishing a governance model for security in the cloud. These objectives assume that appropriate security standards and a governance framework have been chosen based on the enterprise’s business targets, customer profile, and obligations for protecting data and other information assets in the cloud environment. 1.Strategic Alignment Enterprises should mandate that security investments, services, and projects in the cloud are executed to achieve established business goals (e.g., market competitiveness, financial, or operational performance). 2.Value Delivery Enterprises should define, operationalize, and maintain an appropriate security function/organization with appropriate strategic and tactical representation, and charged with the responsibility to maximize the business value (Key Goal Indicators, ROI) from the pursuit of security initiatives in the cloud. 3. Risk Mitigation Security initiatives in the cloud should be subject to measurements that gauge effectiveness in mitigating risk to the enterprise (Key Risk Indicators). These initiatives should also yield results that progressively demonstrate a reduction in these risks over time. 4. Effective Use of Resources It is important for enterprises to establish a practical operating model for managing and performing security operations in the cloud, including the proper definition and operationalization of due processes, the institution of appropriate roles and responsibilities, and use of relevant tools for overall efficiency and effectiveness. 5. 
Sustained Performance Security initiatives in the cloud should be measurable in terms of performance, value and risk to the enterprise (Key Performance Indicators, Key Risk Indicators), and yield results that demonstrate attainment of desired targets (Key Goal Indicators) over time. What is virtualized security? Virtualized security, or security virtualization, refers to security solutions that are software-based and designed to work within a virtualized IT environment. This differs from traditional, hardware-based network security, which is static and runs on devices such as traditional firewalls, routers, and switches.
  • 7. In contrast to hardware-based security, virtualized security is flexible and dynamic. Instead of being tied to a device, it can be deployed anywhere in the network and is often cloud-based. This is key for virtualized networks, in which operators spin up workloads and applications dynamically; virtualized security allows security services and functions to move around with those dynamically created workloads. Cloud security considerations (such as isolating multitenant environments in public cloud environments) are also important to virtualized security. The flexibility of virtualized security is helpful for securing hybrid and multi-cloud environments, where data and workloads migrate around a complicated ecosystem involving multiple vendors. What are the benefits of virtualized security? Virtualized security is now effectively necessary to keep up with the complex security demands of a virtualized network, plus it’s more flexible and efficient than traditional physical security. Here are some of its specific benefits: Cost-effectiveness: Virtualized security allows an enterprise to maintain a secure network without a large increase in spending on expensive proprietary hardware. Pricing for cloud-based virtualized security services is often determined by usage, which can mean additional savings for organizations that use resources efficiently. Flexibility: Virtualized security functions can follow workloads anywhere, which is crucial in a virtualized environment. It provides protection across multiple data centers and in multi-cloud and hybrid cloud environments, allowing an organization to take advantage of the full benefits of virtualization while also keeping data secure. Operational efficiency: Quicker and easier to deploy than hardware-based security, virtualized security doesn’t require IT teams to set up and configure multiple hardware appliances. Instead, they can set up security systems through centralized software, enabling rapid scaling. 
Using software to run security technology also allows security tasks to be automated, freeing up additional time for IT teams. Regulatory compliance: Traditional hardware-based security is static and unable to keep up with the demands of a virtualized network, making virtualized security a necessity for organizations that need to maintain regulatory compliance. How does virtualized security work? Virtualized security can take the functions of traditional security hardware appliances (such as firewalls and antivirus protection) and deploy them via software. In addition, virtualized security can also perform additional security functions. These functions are only possible due to the advantages of virtualization, and are designed to address the specific security needs of a virtualized environment. For example, an enterprise can insert security controls (such as encryption) between the application layer and the underlying infrastructure, or use strategies such as micro-segmentation to reduce the
  • 8. potential attack surface. Virtualized security can be implemented as an application directly on a bare metal hypervisor (a position it can leverage to provide effective application monitoring) or as a hosted service on a virtual machine. In either case, it can be quickly deployed where it is most effective, unlike physical security, which is tied to a specific device. What are the risks of virtualized security? The increased complexity of virtualized security can be a challenge for IT, which in turn leads to increased risk. It’s harder to keep track of workloads and applications in a virtualized environment as they migrate across servers, which makes it more difficult to monitor security policies and configurations. It’s important to note, however, that many of these risks are already present in a virtualized environment, whether security services are virtualized or not. Following enterprise security best practices (such as spinning down virtual machines when they are no longer needed and using automation to keep security policies up to date) can help mitigate such risks. How is physical security different from virtualized security? Traditional physical security is hardware-based, and as a result, it’s inflexible and static. The traditional approach depends on devices deployed at strategic points across a network and is often focused on protecting the network perimeter (as with a traditional firewall). However, the perimeter of a virtualized, cloud-based network is necessarily porous and workloads and applications are dynamically created, increasing the potential attack surface. Traditional security also relies heavily upon port and protocol filtering, an approach that’s ineffective in a virtualized environment where addresses and ports are assigned dynamically. In such an environment, traditional hardware-based security is not enough; a cloud-based network requires virtualized security that can move around the network along with workloads and applications. 
What are the different types of virtualized security? There are many features and types of virtualized security, encompassing network security,application security, and cloud security. Some virtualized security technologies are essentially updated, virtualized versions of traditional security technology. Others are innovative new technologies that are built into the very fabric of the virtualized network. Some common types of virtualized security features include:  Segmentation, or making specific resources available only to specific applications and users. This typically takes the form of controlling traffic between different network segments or tiers.
  • 9.  Micro-segmentation, or applying specific security policies at the workload level to create granular secure zones and limit an attacker’s ability to move through the network. Micro-segmentation divides a data center into segments and allows IT teams to define security controls for each segment individually, bolstering the data center’s resistance to attack.  Isolation, or separating independent workloads and applications on the same network. This is particularly important in a multitenant public cloud environment, and can also be used to isolate virtual networks from the underlying physical infrastructure, protecting the infrastructure from attack. SECURITY :‐In the computer industry, the term security or the phrase computer security ‐‐refers to techniques for ensuring that data stored in a computer cannot be read or compromised by any individuals without authorization. Most computer security measures involve data encryption and passwords. •Data encryption is the translation of data into a form that is unreadable without a deciphering mechanism. •A password is a secret word or phrase that gives a user access to a particular program or system. CLOUD COMPUTING SECURITY CHALLENGES:-  Cloud computing opens up a new world of opportunities for businesses, but mixed in with these opportunities are numerous security challenges that need to be considered and addressed prior to committing to a cloud computing strategy.  Cloud computing security challenges fall into three broad categories: •Data Protection: Securing your data both at rest and intransit •User Authentication: Limiting access to data and monitoring who accesses the data •Disaster and Data Breach Contingency Planning 1. Data Protection  Implementing a cloud computing strategy means placing critical data in the hands of a third party, so ensuring the data remains secure both at rest (data residing on storage media) as well as when in transit is of paramount importance. 
 Data needs to be encrypted at all times, with clearly defined roles when it comes to who will be managing the encryption keys.  In most cases, the only way to truly ensure confidentiality of encrypted data that resides on a cloud provider's storage servers is for the client to own and manage the data encryption keys. 2. User Authentication  Data resting in the cloud needs to be accessible only by those authorized to do so, making it critical to both restrict and monitor who will be accessing the company's data through the cloud.  In order to ensure the integrity of user authentication, companies need to be able to view data access logs and audit trails to verify that only authorized users are accessing the data.
  • 10.  These access logs and audit trails additionally need to be secured and maintained for as long as the company needs or legal purposes require.
  • 11.  As with all cloud computing security challenges, it's the responsibility of the customer to ensure that the cloud provider has taken all necessary security measures to protect the customer's data and the access to that data. 3. Contingency Planning  With the cloud serving as a single centralized repository for a company's mission‐critical data, the risks of having that data compromised due to a data breach or temporarily made unavailable due to a natural disaster are real concerns.  Much of the liability for the disruption of data in a cloud ultimately rests with the company whose mission‐critical operations depend on that data, although liability can and should be negotiated in a contract with the services provider prior to commitment.  A comprehensive security assessment from a neutral third‐party is strongly recommended as well.  Companies need to know how their data is being secured and what measures the service provider will be taking to ensure the integrity and availability of that data should the unexpected occur.  Additionally, companies should also have contingency plans in place in the event their cloud provider fails or goes bankrupt.  Can the data be easily retrieved and migrated to a new service provider or to a non‐cloud strategy if this happens? And what happens to the data and the ability to access that data if the provider gets acquired by another company? SECURITY ISSUES In Software as a Service (SaaS) model, the client needs to be dependent on the service provider for proper security measures of the system. The service provider must ensure that their multiple users don‘t get to see each other‘s private data. So, it becomes important to the user to ensure that right security measures are in place and also difficult to get an assurance that the application will be available when needed. Cloud computing providers need to provide some solution to solve the common security challenges that traditional communication systems face. 
At the same time, they also have to deal with issues introduced by the cloud computing paradigm itself.

A. Authentication and authorization: The authentication and authorization applications used in enterprise environments need to be adapted so that they work in a cloud environment. Forensic tasks also become much more difficult, since it will be very hard, or impossible, for investigators to physically access the system hardware.

B. Data confidentiality: Confidentiality refers to preventing the unintentional or intentional unauthorized disclosure or distribution of private information. In a cloud system, confidentiality is closely related to encryption, intellectual property rights, traffic analysis, covert channels and inference. Whenever a business, an individual, a government agency or any other entity wants to share information over the cloud, the confidentiality and privacy questions need to be asked.
  • 12. C. Availability: Availability ensures reliable and timely access to cloud data or cloud computing resources by the appropriate personnel. Availability is one of the big concerns of cloud service providers, since if the cloud service is disrupted or compromised in any way it affects a far larger number of customers than in the traditional model.

D. Information security: In the SaaS model, enterprise data is stored outside the enterprise boundary, on the SaaS vendor's premises. Consequently, the SaaS vendor needs to adopt additional security features to ensure data security and to prevent breaches caused by vulnerabilities in the application or by malicious employees. This requires strong encryption for the stored data and highly competent authorization controls over access to private data.

E. Data access: Data access issues mainly concern the security policies applied to users when they access data. Organizations have their own security policies under which each employee may access a particular set of data. The cloud must enforce these policies to prevent unauthorized users from reaching the data, so the SaaS model must be flexible enough to incorporate the specific policies put forward by the organization.

F. Network security: In a SaaS deployment model, highly sensitive information is obtained from the various enterprises, processed by the SaaS application and stored at the SaaS vendor's premises. All data flowing over the network has to be secured to prevent leakage of sensitive information.

G. Data breaches: Since data from many users and business organizations sits together in a cloud environment, a breach of that environment potentially exposes the data of all users. The cloud therefore becomes a high-value target.

H. Identity management and sign-on process.
Identity management (IdM), or ID management, is the area that deals with identifying individuals in a system and controlling their access to the resources in that system by placing restrictions on the established identities. IdM is considered one of the biggest challenges in information security. When a SaaS provider needs to control who has access to which systems within the enterprise, the task becomes a lot more challenging.

SaaS Application Security:
 The SaaS model dictates that the provider manages the entire suite of applications delivered to users.
 Therefore, SaaS providers are largely responsible for securing the applications and components they offer to customers.
 Customers are usually responsible for operational security functions, including user and access management as supported by the provider.
 It is common practice for prospective customers, usually under an NDA, to request information about the provider's security practices.
  • 13.  This information should encompass:
 Design
 Architecture
 Development
 Black-box and white-box application security testing, and
 Release management.
 Some customers go as far as hiring independent security vendors to perform penetration testing (black-box security testing) of SaaS applications, with the provider's consent, to gain assurance independently.
 However, penetration testing can be costly, and not all providers agree to this type of verification.
 Extra attention needs to be paid to the authentication and access control features offered by SaaS CSPs. Usually these are the only security controls available to the customer for managing risk to its information.
 Example: a web-based administration user interface, such as the one in Google Docs.
 Additional controls should be implemented to manage privileged access to the SaaS administration tool and to enforce segregation of duties, protecting the application from insider threats. In line with standard security practice, customers should implement a strong password policy, one that forces users to choose strong passwords when authenticating to the application.
 It is common practice for SaaS providers to commingle their customers' data (structured and unstructured) in a single virtual data store and to rely on data tagging to enforce isolation between customers.
 In that multi-tenant data store model, where encryption may not be feasible because of key management and other design barriers, each record is tagged and stored with a unique customer identifier, and every access has to be checked against that tag.
 Customers should therefore understand the virtual data store architecture and the preventive mechanisms the SaaS provider uses to guarantee the compartmentalization and isolation required in a virtual multi-tenant environment.

WHAT IS IDENTITY AND ACCESS MANAGEMENT?
According to Gartner, Identity and Access Management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons.
IAM addresses the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments. Enterprises traditionally used on-premises IAM software to manage identity and access policies, but nowadays, as companies add more cloud services to their environments, the process of managing identities is getting more complex. Therefore, adopting cloud-based Identity-as-a-Service (IDaaS) and cloud IAM solutions becomes a logical step.
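Returning to the multi-tenant data store point made under SaaS application security: tagging each record with a customer identifier isolates nothing by itself; the isolation exists only if every query checks the tag. The following is an added example (not code from the slides or from any SaaS provider) that builds one shared SQLite table holding documents of two constructed tenants, "acme" and "globex", and contrasts a lookup that trusts a caller-supplied row id with one that scopes every read and write to the tenant bound to the authenticated session. The table layout, tenant ids and documents are all assumptions made for the example.

```python
"""Tenant isolation in a commingled SaaS data store (added example).

A single shared table holds documents of several customers, each row tagged
with its tenant id. The vulnerable lookup trusts a row id supplied by the
caller; the hardened one scopes every read and write to the tenant bound to
the authenticated session. Tenant ids and documents are constructed data.
"""
import sqlite3
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Session:
    """What the application knows after authentication: the user and the
    tenant that user belongs to. tenant_id must come from the identity
    provider, never from a request parameter the client controls."""
    user: str
    tenant_id: str


def build_store() -> sqlite3.Connection:
    """Create the shared table and load constructed rows for two tenants."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents ("
        " id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL,"
        " title TEXT NOT NULL, body TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO documents (id, tenant_id, title, body) VALUES (?, ?, ?, ?)",
        [
            (1, "acme", "Q3 forecast", "acme internal numbers"),
            (2, "globex", "Merger memo", "globex board only"),
            (3, "acme", "Payroll", "acme salaries"),
        ],
    )
    conn.commit()
    return conn


def _row_to_dict(row) -> Optional[dict]:
    if row is None:
        return None
    return {"id": row[0], "tenant_id": row[1], "title": row[2], "body": row[3]}


def get_document_vulnerable(conn, session: Session, doc_id: int) -> Optional[dict]:
    """Vulnerable: selects by row id only. The tenant tag is stored but never
    checked, so any authenticated user of any tenant can read every row by
    iterating ids (an insecure direct object reference across tenants)."""
    row = conn.execute(
        "SELECT id, tenant_id, title, body FROM documents WHERE id = ?", (doc_id,)
    ).fetchone()
    return _row_to_dict(row)


def get_document(conn, session: Session, doc_id: int) -> Optional[dict]:
    """Hardened: every query carries the session's tenant id. A row owned by
    another tenant is indistinguishable from a missing row, so neither its
    contents nor its existence crosses the tenant boundary."""
    row = conn.execute(
        "SELECT id, tenant_id, title, body FROM documents"
        " WHERE id = ? AND tenant_id = ?",
        (doc_id, session.tenant_id),
    ).fetchone()
    return _row_to_dict(row)


def list_documents(conn, session: Session) -> list:
    """Listing is scoped the same way; there is no unscoped variant."""
    rows = conn.execute(
        "SELECT id, tenant_id, title, body FROM documents"
        " WHERE tenant_id = ? ORDER BY id",
        (session.tenant_id,),
    ).fetchall()
    return [_row_to_dict(r) for r in rows]


def update_body(conn, session: Session, doc_id: int, body: str) -> bool:
    """Writes are scoped too. Returns False when no row of this tenant matched,
    which is how a cross-tenant write attempt shows up to the caller."""
    cur = conn.execute(
        "UPDATE documents SET body = ? WHERE id = ? AND tenant_id = ?",
        (body, doc_id, session.tenant_id),
    )
    conn.commit()
    return cur.rowcount == 1


if __name__ == "__main__":
    conn = build_store()
    acme = Session("alice", "acme")
    print("vulnerable:", get_document_vulnerable(conn, acme, 2))  # globex row leaks
    print("hardened:  ", get_document(conn, acme, 2))             # None
```

The design choice worth noting is that the hardened functions take the tenant from the `Session` object rather than as a separate argument, so a call site cannot forget to pass it. In a real service the same effect is usually obtained with a row-level security policy or a per-tenant database role, so that a query that omits the tenant filter is rejected by the store rather than relying on every developer to remember it.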
  • 14. WHAT DOES CLOUD IDENTITY AND ACCESS MANAGEMENT INCLUDE?
Cloud IAM typically includes the following features:
 Single Access Control Interface. Cloud IAM solutions provide a clean and consistent access control interface for all cloud platform services. The same interface can be used for all cloud services.
 Enhanced Security. You can define increased security for critical applications.
 Resource-level Access Control. You can define roles and grant permissions to users to access resources at different granularity levels.

WHY DO YOU NEED IDENTITY AND ACCESS MANAGEMENT?
Identity and Access Management technology can be used to initiate, capture, record and manage user identities and their access permissions. All users are authenticated, authorized and evaluated according to policies and roles. Poorly controlled IAM processes may lead to regulatory non-compliance; if the organization is audited, management may not be able to prove that company data is not at risk of being misused.

HOW CAN CLOUD IAM HELP YOU?
It can be difficult for a company to start using cloud Identity and Access Management solutions, because they do not directly increase profitability and it is hard for a company to cede control over infrastructure. However, several benefits make an IAM solution very valuable, such as the following:
 The ability to spend less on enterprise security by relying on a centralized trust model to handle identity management across third-party and in-house applications.
 It enables your users to work from any location and any device.
 You can give them access to all your applications with just one set of credentials through Single Sign-On.
 You can protect your sensitive data and apps: add extra layers of security to your mission-critical apps using Multifactor Authentication.
 It helps maintain compliance of processes and procedures.
A typical problem is that permissions are granted based on employees’ needs and tasks, and not revoked when they are no longer necessary, thus creating users with lots of unnecessary privileges.
  • 15. AUTH0 AS YOUR CLOUD IAM SOLUTION
Auth0 can authenticate your users with any identity provider running on any stack, any device or cloud. It provides Single Sign-On, Multifactor Authentication, Social Login and several more features, described on Auth0's "Why Auth0?" page.

In terms of authorization, you can use the rule engine to define coarse-grained authorization, that is, rules that dictate who can log in (for example: at what times, from which locations and devices, and so on). Auth0 also has a group memberships feature that can be exposed to the application (for example: group memberships in Active Directory, in Azure Active Directory, in the user's metadata, and so on); based on that, you can do more fine-grained authorization, where only users in a particular group can access some applications.

As organizations adopt more cloud services, security professionals face some new and interesting issues. One of the more pressing problems is the rapid proliferation of identities associated with cloud service environments. Simply put, the more cloud services that are used, the more identities need provisioning within these environments. Identity and access management (IAM) in cloud environments can be problematic for tracking, monitoring and controlling accounts. Here, learn more about these problems and how to address them in an enterprise cloud environment.

Common cloud IAM challenges
In addition to the standard identity management issues plaguing enterprises today, such as user password fatigue and managing a distributed workforce, there are several cloud-specific challenges enterprises face, including the following:
 improper service and user provisioning and deprovisioning -- for example, companies not deprovisioning former employees' SaaS accounts;
 zombie SaaS accounts -- assigned but inactive users;
 too many admin accounts; and
 users bypassing enterprise IAM controls.
What these issues illustrate is a lack of control over the account life cycle that many SaaS scenarios present. But account management and life cycle maintenance aren't the only issues when it comes to IAM in cloud settings -- the creation of roles and management of privileges within all types of cloud environments can also be challenging.
  • 16. For large organizations that may have hundreds or even thousands of defined roles across numerous accounts, just gathering an inventory of the role assignments can be a huge undertaking. For example, one case study on the impact of cloud IAM by the security research team at Rhino Security Labs found, in early 2018, a large number of incredibly common privilege escalation techniques in AWS that took advantage of poorly defined roles and privilege models. Fortunately, the research team at Rhino created a free tool that can remotely pull an inventory of all users with a breakdown of their possible susceptibility to privilege escalation.

Best practices for meeting IAM challenges in the cloud
To combat cloud IAM challenges, organizations need to develop a governance strategy for identities. While some may have enterprise IAM strategies in place internally, these will likely need to be adapted for cloud environments. For all actual human users, accounts should be directly linked to central directory services, such as Active Directory, which facilitate the provisioning, auditing and deprovisioning of accounts from a central store. All SaaS applications should require the use of single sign-on linked to this central directory through federation technology.

For PaaS and IaaS environments, identity governance can be somewhat trickier, as all assets -- servers, serverless code, storage nodes and so on -- can have roles and privileges assigned to them. Some of these identities -- whether simple users and groups or more complex role assignments -- may not easily align with a central directory store. As such, DevOps teams may find it easier to use cloud-native tools to manage accounts and identities in some scenarios.
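Pulling the inventory is only the first half of the job; the second half is deciding what in it is a finding. The following is an added example (not code from the slides and not the Rhino tool) showing the kind of offline analysis a security admin would run over an exported inventory. It covers the three challenges listed earlier, zombie accounts, too many admin accounts and the privilege build-up that comes from never revoking grants, plus a check for permissions that are widely documented as AWS privilege-escalation primitives. INVENTORY is a constructed sample in a simplified layout assumed for this example (a last-activity timestamp and the attached policy documents per user, the policy documents themselves being in the standard AWS IAM policy JSON layout); the 90-day and two-admin thresholds and the ESCALATION_ACTIONS list are likewise assumptions, not figures from the page.

```python
"""Offline audit of an exported cloud IAM inventory (added example).

INVENTORY is constructed sample data in a simplified shape: each user has a
last-activity timestamp and the IAM policy documents attached to it. The
audit flags zombie accounts, counts administrators, and lists users holding
actions commonly documented as privilege-escalation primitives in AWS.
Explicit Deny statements, permission boundaries and SCPs are ignored here,
so a flag means "worth a look", not "exploitable".
"""
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatch

# Constructed sample inventory (not real accounts).
INVENTORY = {
    "as_of": "2021-12-01T00:00:00Z",
    "users": [
        {"name": "alice", "last_activity": "2021-11-29T09:12:00Z",
         "policies": [{"Version": "2012-10-17", "Statement": [
             {"Effect": "Allow", "Action": "*", "Resource": "*"}]}]},
        {"name": "bob", "last_activity": "2021-05-02T17:40:00Z",
         "policies": [{"Version": "2012-10-17", "Statement": [
             {"Effect": "Allow", "Action": ["s3:GetObject"],
              "Resource": "arn:aws:s3:::reports/*"}]}]},
        {"name": "ci-deployer", "last_activity": "2021-11-30T23:59:00Z",
         "policies": [{"Version": "2012-10-17", "Statement": [
             {"Effect": "Allow", "Action": ["iam:PassRole", "ec2:RunInstances"],
              "Resource": "*"}]}]},
        {"name": "carol", "last_activity": None,
         "policies": [{"Version": "2012-10-17", "Statement": [
             {"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]}]},
    ],
}

# A subset of IAM actions that let a principal raise its own or another
# principal's privileges (assumed list for this example, not the page's).
ESCALATION_ACTIONS = (
    "iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion",
    "iam:AttachUserPolicy", "iam:AttachRolePolicy", "iam:PutUserPolicy",
    "iam:CreateAccessKey", "iam:CreateLoginProfile", "iam:UpdateLoginProfile",
    "iam:AddUserToGroup", "iam:UpdateAssumeRolePolicy", "iam:PassRole",
)


def _as_list(value):
    """IAM allows a string or a list for Action, Resource and Statement."""
    return value if isinstance(value, list) else [value]


def allowed_grants(policies):
    """Yield (action_pattern, resource_pattern) for every Allow statement."""
    for policy in policies:
        for stmt in _as_list(policy.get("Statement", [])):
            if stmt.get("Effect") != "Allow" or "Action" not in stmt:
                continue
            for action in _as_list(stmt["Action"]):
                for resource in _as_list(stmt.get("Resource", [])):
                    yield action, resource


def grants(policies, action):
    """True if some Allow statement matches the action. IAM action matching is
    case-insensitive and '*' is a wildcard, which fnmatch reproduces."""
    return any(fnmatch(action.lower(), pat.lower()) for pat, _ in allowed_grants(policies))


def is_admin(policies):
    """Full administrator: Allow on every action for every resource."""
    return any(pat == "*" and res == "*" for pat, res in allowed_grants(policies))


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit(inventory, zombie_days=90, max_admins=2):
    """Return the findings a reviewer would triage from this inventory."""
    as_of = parse_ts(inventory["as_of"])
    findings = {"zombies": [], "admins": [], "escalation": {}}
    for user in inventory["users"]:
        name, policies = user["name"], user["policies"]
        last = user.get("last_activity")
        # Never used, or idle longer than the threshold: a deprovisioning gap.
        if last is None or as_of - parse_ts(last) > timedelta(days=zombie_days):
            findings["zombies"].append(name)
        if is_admin(policies):
            findings["admins"].append(name)
        risky = [a for a in ESCALATION_ACTIONS if grants(policies, a)]
        if risky:
            findings["escalation"][name] = risky
    findings["too_many_admins"] = len(findings["admins"]) > max_admins
    return findings


if __name__ == "__main__":
    for key, value in audit(INVENTORY).items():
        print(f"{key}: {value}")
```

In the sample, "bob" and "carol" come out as zombies, "alice" as the only full administrator, and the escalation map shows that "ci-deployer" holds `iam:PassRole` and that "carol", though never logged in, could grant herself anything through `iam:*`. The same structure works on a real export: the only parts that change are how INVENTORY is produced (the CLI or PowerShell pulls mentioned in the next paragraph) and the thresholds.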
There are several aspects of identity governance to focus on in these cases, including the following:
 Enterprises should develop internal standards and account creation practices that govern how DevOps and other teams integrate identities and privilege models into cloud deployments. This should include the rationale for each account, authentication and authorization methods and controls, and life cycle parameters.
 Companies should use cloud-native or third-party tools to regularly pull lists of users, groups, roles and privilege assignments from cloud service environments. PowerShell for Azure and the AWS Command Line Interface can collect this type of data, which will still need to be sorted, stored and analyzed by security admins.
 Organizations must ensure that logging and event monitoring mechanisms cover all IAM activity in cloud provider environments, and then monitor for any unusual activity or unauthorized changes.
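The last point, monitoring IAM activity for unusual or unauthorized changes, is easiest to see on concrete log records. The following is an added example (not code from the slides or from any vendor) that runs a handful of starter detections over a constructed batch of events laid out like AWS CloudTrail records (the field names `eventSource`, `eventName`, `readOnly`, `userIdentity`, `requestParameters` and `errorCode` follow CloudTrail's record format as an assumption of this example; the events, principals and IP addresses are invented). The rules are: a mutating IAM call by a principal outside the change-management allowlist, attachment of the managed administrator policy, an access key created for a user other than the caller, and tampering with the trail that produces the logs. The allowlist `{"iam-admin"}` is an assumption.

```python
"""Detections over IAM activity records (added example).

EVENTS is a constructed batch of CloudTrail-style records. detect() returns
one alert per (rule, event) match, keeping denied attempts because a refused
AttachUserPolicy is often the first sign of an account being probed.
"""
import json

# Principals permitted to change IAM outside change windows (assumption).
CHANGE_ALLOWLIST = {"iam-admin"}
ADMIN_POLICY_ARNS = {"arn:aws:iam::aws:policy/AdministratorAccess"}
POLICY_ATTACH_EVENTS = {"AttachUserPolicy", "AttachGroupPolicy", "AttachRolePolicy"}
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

# Constructed sample records, one JSON object per line.
EVENTS = [json.loads(line) for line in """
{"eventTime": "2021-12-01T08:00:12Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateUser", "readOnly": false, "userIdentity": {"type": "IAMUser", "userName": "iam-admin"}, "requestParameters": {"userName": "new-hire"}, "sourceIPAddress": "203.0.113.10"}
{"eventTime": "2021-12-01T08:02:40Z", "eventSource": "iam.amazonaws.com", "eventName": "GetUser", "readOnly": true, "userIdentity": {"type": "IAMUser", "userName": "dev-bob"}, "requestParameters": {"userName": "dev-bob"}, "sourceIPAddress": "198.51.100.7"}
{"eventTime": "2021-12-01T08:03:05Z", "eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy", "readOnly": false, "errorCode": "AccessDenied", "userIdentity": {"type": "IAMUser", "userName": "dev-bob"}, "requestParameters": {"userName": "dev-bob", "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}, "sourceIPAddress": "198.51.100.7"}
{"eventTime": "2021-12-01T08:03:09Z", "eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy", "readOnly": false, "userIdentity": {"type": "IAMUser", "userName": "dev-bob"}, "requestParameters": {"userName": "dev-bob", "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}, "sourceIPAddress": "198.51.100.7"}
{"eventTime": "2021-12-01T08:10:51Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey", "readOnly": false, "userIdentity": {"type": "IAMUser", "userName": "ci-deployer"}, "requestParameters": {"userName": "carol"}, "sourceIPAddress": "203.0.113.44"}
{"eventTime": "2021-12-01T08:12:00Z", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging", "readOnly": false, "userIdentity": {"type": "IAMUser", "userName": "dev-bob"}, "requestParameters": {"name": "org-trail"}, "sourceIPAddress": "198.51.100.7"}
""".strip().splitlines()]


def actor_of(event):
    """Best available name for the calling principal."""
    ident = event.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def detect(events, allowlist=CHANGE_ALLOWLIST):
    """Apply the starter rules and return a list of alert dicts."""
    alerts = []

    def alert(rule, event):
        alerts.append({
            "rule": rule,
            "actor": actor_of(event),
            "eventName": event["eventName"],
            "time": event["eventTime"],
            "denied": "errorCode" in event,   # attempt refused by IAM
        })

    for ev in events:
        source = ev.get("eventSource")
        name = ev["eventName"]
        params = ev.get("requestParameters") or {}
        actor = actor_of(ev)
        # Only mutating IAM calls count as changes; reads are noise here.
        if source == "iam.amazonaws.com" and not ev.get("readOnly", False):
            if actor not in allowlist:
                alert("iam-change-outside-allowlist", ev)
            if name in POLICY_ATTACH_EVENTS and params.get("policyArn") in ADMIN_POLICY_ARNS:
                alert("admin-policy-attached", ev)
            # CreateAccessKey without userName targets the caller; with a
            # different userName it mints credentials for someone else.
            if name == "CreateAccessKey" and params.get("userName") not in (None, actor):
                alert("access-key-for-other-user", ev)
        if source == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPERING:
            alert("audit-trail-tampering", ev)
    return alerts


def count_by_rule(alerts):
    counts = {}
    for a in alerts:
        counts[a["rule"]] = counts.get(a["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for a in detect(EVENTS):
        flag = " (denied)" if a["denied"] else ""
        print(f'{a["time"]} {a["rule"]}: {a["actor"]} {a["eventName"]}{flag}')
```

Two things to take from the sample: the denied `AttachUserPolicy` at 08:03:05 followed by a successful one four seconds later is exactly the sequence that a rule on successful events alone would under-report, and the `StopLogging` call is the event that, if missed, hides everything after it. In production these rules would be expressed in whatever the log platform uses (a CloudWatch metric filter, a SIEM query), but the conditions stay the same.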
  • 17. Developing a governance plan for cloud IAM can be a tedious and lengthy process, but there are significant risks if enterprises don't. Also, don't forget to involve all relevant stakeholders, as this can get political quickly.

Security Governance
An organisation's board is responsible (and accountable to shareholders, regulators and customers) for the framework of standards, processes and activities that, together, make sure the organisation benefits securely from Cloud Computing. We are the leading provider of information, books, products and services that help boards develop, implement and maintain a Cloud governance framework.

Trust boundaries in the Cloud
Organisations are responsible for their own information. The nature of Cloud computing means that at some point the organisation will rely on a third party for some element of the security of its data. The point at which that responsibility passes from your organisation to your supplier is called the 'trust boundary', and it occurs at a different point for Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). Organisations need to satisfy themselves of the security and resilience of their Cloud service providers. They also need to observe their Data Protection Act 1998 (DPA) and, from May 2018, General Data Protection Regulation (GDPR) obligations.

Cloud Controls Matrix
The Cloud Security Alliance (CSA) developed and maintains the Cloud Controls Matrix, a set of additional information security controls designed specifically for Cloud service providers (CSPs), against which customers can carry out a security audit. BSI and the CSA have collaborated to offer a certification scheme (designed as an extension to ISO 27001) against which CSPs can achieve independent certification.

Cloud security certification
The CSA offers an open Cloud security certification process: STAR (Security, Trust and Assurance Registry).
This scheme starts with self-assessment and progresses through process maturity to an externally certified maturity scheme, supported by an open registry of information about certified organisations.

Continuity and resilience in the Cloud
Cloud service providers are as likely to suffer operational outages as any other organisation, and their physical infrastructure can also be negatively affected. Buyers of Cloud services should satisfy themselves that their CSPs are adequately resilient against operational risks. ISO 22301 is the appropriate business continuity standard.
  • 18. Data protection in the Cloud
UK organisations that store personal data in the Cloud or that use a CSP must comply with the DPA. Since the GDPR came into effect on 25 May 2018, data processors and data controllers are both accountable for the security of the personal data they process. CSPs and the organisations that use them will need to implement appropriate technical and organisational measures to make sure that processing meets the GDPR's requirements and protects the rights of data subjects.

G-Cloud framework
The UK government's G-Cloud framework makes it faster and cheaper for the public sector to buy Cloud services. Suppliers are approved by the Crown Commercial Service (CCS) via the G-Cloud application process, which eliminates the need for them to go through a full tender process for each buyer. Suppliers can sell Cloud services via an online catalogue called the Digital Marketplace under three categories, or 'lots':
 Cloud hosting: Cloud platform or infrastructure services.
 Cloud software: applications that are accessed over the Internet and hosted in the Cloud.
 Cloud support: services to help buyers set up and maintain their Cloud services.

IT Governance G-Cloud consultancy services
IT Governance has been approved to provide six cyber security services via the Digital Marketplace for Cloud support:
 Cyber Health Check
 Cyber Security Audit Review
 Cyber Incident Response Management
 SOC 2 Audit Readiness Assessment and Remediation
 Technical Cyber Assurance
 Cloud Security Compliance Readiness Assessment and Remediation

References:
[1] R. Shyam, P. Srivastava, D. S. Kushwaha, "A Taxonomy and Survey of Cloud Computing [Security Issues and Challenges]", B. L. Joshi, 62, 2012.
[2] P. K. Varshney, P. Singh, R. Shyam, "Weak Spots of Cloud Computing and Their Revelations", B. L. Joshi, 109, 2012.
[3] Kai Hwang, Geoffrey C. Fox, Jack G. Dongarra, "Distributed and Cloud Computing: From Parallel Processing to the Internet of Things", Morgan Kaufmann Publishers, 2012.
[4] John W. Rittinghouse, James F. Ransome, "Cloud Computing: Implementation, Management and Security", CRC Press, 2017.
[5] Rajkumar Buyya, Christian Vecchiola, S. Thamarai Selvi, "Mastering Cloud Computing", Tata McGraw Hill, 2013.
[6] Toby Velte, Anthony Velte, Robert Elsenpeter, "Cloud Computing: A Practical Approach", Tata McGraw Hill, 2009.
[7] George Reese, "Cloud Application Architectures: Building Applications and Infrastructure in the Cloud (Transactional Systems for EC2 and Beyond)", Theory in Practice, O'Reilly, 2009.