Cloud Security
The user is responsible for the protection of their own information and must take action to protect their information and applicationsin a cloud environment.
Concerns
In considering all the positive advantages that moving to the cloud would convey, as described in the Introduction, one critical aspect remains. Users of cloud services are responsible for the security of their own information and applications. While security is certainly part of a cloud service, the extent of that service, the breadth and depth of that service, and the delivery of that service as applied in respect to an individual user, is not the same as your personal interest in, and responsibility for, security.
The following pages address in detail, and from the viewpoint of the user, crucial aspects of security in the cloud. They are:
Access Control
How to ensure that information is accessible only by its intended users and is not accessible to anyone else. Specific topics include:
- Passwords
- Multi-Factor Authentication (MFA)
- PKI
- Shared Identity Service
Integrity
How to ensure that information and applications are not altered or deleted. Specific topics include:
Technical Methods
- Data encryption
- Checksums
- Hashes
- Digital signatures
- Blockchain
Operational Methods
- Access logs
- Monitoring
Availability
How to ensure that information is accessible to the intended users when needed. Specific topics include:
- Backup and Recovery
- Disaster Recovery
- Continuity of Operations Plan (COOP)
Compliance
How to ensure that cloud security objectives are being satisfied. Specific topics include:
- Governance Approach
- Accreditation
- Monitoring: Intrusion Detection, AntiVirus
- Audit
- Security Analytics: Performance, Provisioning, Metrics, SLAs
