This site presents thousands of resources from around the world on Cloud Security - the practice of protecting data, applications, infrastructure and human interactions facilitated by cloud computing.

Below we have compiled publicly available sources from around the world that present views on Cloud Security.

Cloud Security Overview

Cloud computing enables users to store and process data in a distributed architecture. Broadly defined, there are several cloud computing models: IaaS (Infrastructure as a Service, e.g. Amazon EC2), PaaS (Platform as a Service, e.g. Heroku), SaaS (Software as a Service, e.g. Salesforce), private cloud (e.g. OpenStack), and also virtualization technology, which is the underlying infrastructure of most cloud computing systems (e.g. VMware).

Each of these models has unique security issues. In the public cloud models (IaaS, PaaS and SaaS), some security issues are faced by the cloud provider, while other security concerns are the responsibility of the organization using the cloud service. In private cloud models, security concerns are all in-house, but there is increased complexity due to the virtualized and distributed infrastructure. Virtualization introduces an additional computing layer which must be properly configured, managed and secured. Security concerns are a key driver of IT decisions to move to the public cloud, adopt a public cloud or stay with traditional infrastructure.

Security concerns can also be segmented by cloud provider. There is a growing body of literature on security concerns and best practices for major public cloud providers (IaaS and PaaS) - Amazon Web Services, Azure, Google Cloud Platform, Rackspace, Heroku, HP Cloud, Engine Yard and more - and private cloud platforms like OpenStack.

Cloud Security Technology and Tools

Traditional security technology and tools are used to secure cloud infrastructure and services, but they are not enough due to the increased environment complexity and new types of risks. The following are technologies specially developed to secure the cloud: cloud firewalls, Cloud Access Security Brokers (CASB), cloud data encryption tools, cloud access control, cloud application security, cloud backup and recovery tools, and modern configuration management tools.

A large number of software vendors and solution providers offer one or more of the above technologies to help secure the cloud. The following are a few examples:

About this Wiki

This website is a community initiative by Dome9, a leading provider of network and server security for Amazon Web Services and other clouds. It is a hand-picked selection of links covering all aspects of cloud security. Over the next few months we will add more and more categories to this wiki until we cover over 200 planned categories across the following general cloud security subjects:

On this Page

Further on this page you will find a selection of resources covering important aspects of cloud security in general. To drill down into specific topics within cloud security, jump to Further Reading at the bottom.

General Security Concerns

Cloud Security Principles

Risks and Threats

Strategy

Security Techniques and Solutions

Cloud Models

Data Security

Legal and Government

Specific Environments

Academic Papers

Examples


Further Reading

  • Cloud Security Practices and Education: Resources about how to secure cloud computing systems and learn about cloud security.
    • Business Continuity and Disaster Recovery on the Cloud: Business continuity and disaster recovery are a high priority for every organization; disruptions can cause damage to a company's operation and reputation.
    • Cloud Security Best Practices: Resources on how to improve security for cloud-based systems.
    • Cloud Security Training: A list of resources regarding cloud security training. Cloud security training provides you with experience identifying and resolving security issues specific to public and private cloud services.
    • Cloud Storage and Cloud Backup Security: Resources on cloud storage and cloud backup security, and how to protect companies' and individuals' data integrity.
    • Compliance and Auditing on the Cloud: Resources on compliance with government regulations and standards, and on performing auditing in cloud-based systems.
    • SecOps: An overview of security operations (SecOps) practices, strategies and professional services, in relation to cloud security.
  • Cloud Computing Risks and Threats: Resources on how to identify, deal with and prevent specific cloud security threats and attacks including DDoS, API vulnerability, Shadow IT and traffic hijacking.
    • Cloud Data Breaches: Resources on cloud data breaches and unauthorized data viewing, their implications and ways of prevention.
    • Cloud Data Loss: Resources on cloud data loss risks and prevention.
    • Account Hijacking: Resources on account hijacking attacks in the context of cloud security.
    • Traffic Hijacking: Resources on traffic hijacking threats and the ways to defend against them.
    • API Vulnerabilities: Resources on API security vulnerabilities in the context of cloud computing and cloud services.
    • Cloud Services Abuse: An overview of cloud computing services abuse and unauthorized use of cloud systems.
    • Shadow IT: Resources on shadow IT practices, their extent, cost and implications for internet security.
  • AWS Security: Resources on AWS security, security for AWS platforms like EC2, S3 and RDS, AWS monitoring, AWS configuration and Security Groups, AWS firewall solutions, and more.
    • Security for AWS Platforms: Securing the various computing services provided by Amazon Web Services requires a complex combination of technologies and best practices. In this section you'll find resources from around the web on securing specific services on AWS, including Amazon S3, Amazon RDS, Amazon Redshift, EBS, SES, SQS, and more.
    • AWS Monitoring: Resources on monitoring AWS applications and deployments, including best practices and specialized monitoring tools for the Amazon cloud.
    • AWS Secure Access and SSH: Resources on how to securely access Amazon Web Services machines, using SSH keys and other methods, and security best practices for remote access on the Amazon cloud.
    • AWS Compliance: Resources on compliance with regulations and industry standards on the AWS cloud - HIPAA compliance, ISO 27001 compliance, PCI compliance, and more.
    • AWS Security Groups: Resources on defining security groups on AWS services like EC2, VPC and RDS. Security groups act as a virtual firewall that controls the traffic for one or more Amazon instances.
    • AWS Firewall: Resources on how to set up a firewall on AWS, and tools that enable firewall capabilities on the Amazon cloud. For Amazon's WAF (Web Application Firewall) product, see our AWS WAF page (coming soon).
    • AWS Security-Related Products and Features: Resources about security products and features provided as part of the Amazon Web Services cloud platform.
  • Windows Azure Security: Resources about security for Windows Azure, the cloud platform provided by Microsoft, including security measures provided by the Azure platform, how to use them, and additional security best practices for users of Windows Azure.
    • Azure Security-Related Products: Resources about security products offered by Microsoft as part of Windows Azure.
    • Azure Monitoring: Resources about Azure monitoring, which refers to monitoring the Azure cloud. Azure monitoring includes several aspects, such as log file analysis, defining/collecting metrics, and providing diagnostics for root cause analysis or troubleshooting.
    • Azure Secure Access and SSH: Resources about Azure secure access and SSH, covering how to securely access, provision, or migrate virtual machines on the Microsoft Azure cloud using the SSH protocol.
    • Azure Compliance: Resources on Azure compliance, which refers to the methods by which the Microsoft Azure cloud complies with common policies, regulations, certificates, and attestations. Microsoft shares third-party verification results with its customers, and supports the CDSA, CJIS, and CSA CMM certificates.
    • Azure Firewall: Resources on Azure firewall, which refers to the methods of protecting services or applications on the Microsoft Azure cloud using a firewall. Firewall options for the Azure cloud include pre-packaged operating system firewalls or third-party firewalls offered as cloud services.
    • Azure Encryption: Resources on how to encrypt data and manage encryption on the Microsoft Azure cloud.
    • Setting up SSL on Azure: Resources on how to set up HTTPS and SSL on the Microsoft Azure cloud platform.
  • List of Cloud Security Tools and Services: Resources about tools and services specifically built to enable security in cloud computing environments.
    • Cloud Application, Server and Network Security: Resources about tools and services used to protect applications, servers or networks facilitated by cloud computing.
    • Cloud Antivirus and Threats Prevention: Resources about cloud antivirus, a solution in which antivirus processes are conducted on cloud servers instead of a user's PC, and threat prevention, the practice of preventing systems (mainly in IT organizations) from being infected by viruses or protecting the systems from cyber attacks.
    • Cloud Identity and Access Management Tools: Resources about cloud identity and access management tools, which are tools used for facilitating the management of electronic identities.
    • Cloud Data and CDN Security Tools: Resources about cloud data and Content Delivery Network (CDN) security tools, which are tools used to protect data stored on cloud servers, and user-related data used for CDN functions (such as geolocation or content delivery server data).
    • Cloud Monitoring: Resources about cloud monitoring, a process that includes monitoring, management and review of workflows or processes of an IT asset or infrastructure that is cloud-based. Cloud monitoring aims to make sure that the relevant cloud platform is performing properly.
  • Cloud Security Technologies: Resources about the technologies used to achieve cloud security - the practice of protecting data, applications, infrastructure and human interactions facilitated by cloud computing.
    • Cloud Firewall: Resources about cloud firewall, a firewall that is managed on cloud servers rather than being offered as a local hardware appliance or software solution. A cloud firewall supports distributed environments, where users and applications operate from various locations and sources.
    • CASB: Resources about Cloud Access Security Broker (CASB), a software tool that acts as an enforcement point for security policies. A CASB is placed between cloud service consumers and providers and allows organizations to extend their security policies beyond the organization, by adding or combining policies as cloud-based resources are accessed.
    • Cloud Data Encryption: Resources about cloud data encryption, the practice of protecting sensitive data stored on cloud servers and securing the data leaving a network. Cloud data encryption also aims to prevent unauthorized access to private data.
    • Cloud Application Security: Resources about cloud application security, the practice of protecting cloud applications, which aims to address security issues faced both by the organization providing the cloud service and by its customers.
    • Cloud Backup and Recovery: Resources about cloud backup and recovery, a security strategy according to which records and data are copied to a cloud server, where they are maintained and can be recovered if necessary.
    • Using Configuration Management for Cloud Security: Resources about using configuration management - the practice of providing information about the delivery method of services - for cloud security. Configuration management for cloud security refers to practicing different levels of configuration management on cloud-related services such as SaaS, PaaS, or IaaS.
