Evolution of Security Controls Towards Cloud Services discusses security controls for cloud services. It summarizes the Cloud Security Alliance's Security Trust Assurance and Risk framework for guiding cloud vendors and assessing cloud security risks. It also discusses the Cloud Controls Matrix version 3.0 which provides guidance on implementing security controls in cloud environments based on 16 security domains. Managing uncertainty is key when using cloud services, and formal verification methods can help ensure security. Continuous monitoring of cloud environments helps gain visibility and detect security issues.
the cloud as a multi-stakeholder and heterogeneous environment
requires a multi-dimensional approach to selecting a suitable evolution process, here done through a variability model driving a staged evolution based on migration patterns.
To deal with adaptation, the uncertainty is mastered through statistical and logical approaches
Pahl, Claus & Jamshidi, Pooyan & Weyns, Danny. (2017). Cloud architecture continuity: Change models and change rules for sustainable cloud software architectures. Journal of Software: Evolution and Process. 29. e1849. 10.1002/smr.1849.
In the process of using the cloud platform, how to ensure the safety of users is a matter we must concern.
The user authentication can provide a certain degree of security, but when the user information was leaked, this method will not be effective.
Therefore, this article proposes a trust evaluation model based on user behavior data.
https://www.researchgate.net/publication/325242412_Trust_evaluation_model_of_cloud_user_based_on_behavior_data
Increasing the number of devices, compliance requirement, business needs to capture the data for events are necessary for all types of business.
Analyzing logs can give you real insights into what’s happening within your IT environment.
Some of the real-time examples:
Capacity planning
Early problem detection
https://hdsr.mitpress.mit.edu/pub/a7gxkn0a
community emergency response team (CERT), computer security incident response team (CSIRT), and security operations center (SOC)
Start by quantifying before you move into cloud services
https://www.mdpi.com/1911-8074/10/2/10/pdf