Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

 

 

Excerpt
hiddentrue

This site presents thousands of resources from around the world on Cloud Security - the practice of protecting data, applications, infrastructure and human interactions facilitated by cloud computing.

Master wrapper
PageTypeTopic
Cloud Security

Cloud Security Overview

Cloud computing enables users to store and process data in a distributed architecture. Broadly defined, there are several cloud computing models: IaaS (Infrastructure as a Service, e.g. Amazon EC2), PaaS (Platform as a Service, e.g. Heroku), SaaS (Software as a Service, e.g. SalesForce), private cloud (e.g. OpenStack), and also virtualization technology which is the underlying infrastructure of most cloud computing systems (e.g. VMware).

Each of these models has unique security issues. In the public cloud models (IaaS, PaaS and SaaS) there are security issues faced by the cloud provider, vs. other security concerns that are the responsibility of the organization using the cloud service. In private cloud models, security concerns are all in-house, but there is increased complexity due to the virtualized and distributed infrastructure. Virtualization introduces an additional computing layer which must be properly configured, managed and secured. Security concerns are a key driver of IT decisions to move to the public cloud, adopt a public cloud or stay with traditional infrastructure.

Security concerns can also be segmented by cloud provider. There is a growing literature on security concerns and best practices for major public cloud providers (IaaS and PaaS) - Amazon Web Services, Azure, Google Cloud Platform, RackSpace, Heroku, HP Cloud, EngineYard and more - and private cloud platforms like OpenStack.

Cloud Security Technology and Tools

 Traditional security technology and tools are used to secure cloud infrastructure and services, but they are not enough due to the increased environment complexity and new types of risks. The following are technologies specially developed to secure the cloud: cloud firewalls, Cloud Access Security Brokers (CASB), cloud data encryption tools, cloud access control, cloud application security, cloud backup and recovery tools, and modern configuration management tools.

A large number of software vendors and solution providers provide one or more of the above technologies to help secure the cloud, the following are a few examples: 

About this Wiki

This website is a community initiative by Dome9, a leading provider of network and server security for Amazon Web Services and other clouds. It is a hand-picked selection of links covering all aspects of cloud security. Over the next few months we will add more and more categories to this wiki until we cover over 200 planned categories across the following general cloud security subjects:

On this Page

Further on this page you will find a selection of resources covering important aspects of cloud security in general. To drill down into specific topics within cloud security, jump to Further Reading at the bottom.

General Security Concerns

List wrapper
List item
L;isaca.org;Security Considerations for Cloud Computing;http://www.isaca.org/knowledge-center/research/researchdeliverables/pages/security-considerations-for-cloud-computing.aspx;NA;NA;;
List item
Z;cs.purdue.edu;Security Issues in Cloud Computing - by Naval Research Lab;https://www.cs.purdue.edu/homes/bb/cs590/handouts/Anya-Kim-Bhargava-MCCWorkshop.ppt;Anya Kim;NA;;
List item
L;itbusinessedge.com;Why Cloud Security Threats Shouldn’t Inhibit Cloud Adoption;http://www.itbusinessedge.com/blogs/data-security/why-cloud-security-threats-shouldnt-inhibit-cloud-adoption.html;NA;NA;;
List item
L;wired.com;Will Breaches and Privacy Concerns Lead to the Rise of the Personal Cloud?;http://www.wired.com/insights/2014/10/the-rise-of-the-personal-cloud/;Allen Fung;NA;;
List item
L;resilience.enisa.europa.eu;Cloud Computing Benefits, risks and recommendations for information security;https://resilience.enisa.europa.eu/cloud-security-and-resilience/publications/cloud-computing-benefits-risks-and-recommendations-for-information-security;NA;NA;;
List item
L;thenextweb.com;Cloud security: what’s the big deal?;http://thenextweb.com/insider/2015/11/11/cloud-security-whats-the-big-deal/;NA;NA;;
List item
L;isaca.org;Conference Presentation Slides: East African Information Conference - Security and Privacy: Can We Trust the Cloud?;http://www.isaca.org/chapters2/kampala/Documents/Security%20and%20Privacy%20in%20the%20Cloud.pdf;NA;NA;;
List item
L;ibm.com;Is cloud computing secure computing?
;https://www.ibm.com/smarterplanet/global/files/us__en_us__cloud__smart_clouds.pdf;NA;NA;;

Cloud Security Principles

List wrapper
List item
L;isaca.org;Cloud Risk—10 Principles and a Framework for Assessment;http://www.isaca.org/Journal/archives/2012/Volume-5/Pages/Cloud-Risk-10-Principles-and-a-Framework-for-Assessment.aspx;NA;NA;;
List item
L;gov.uk;Summary of Cloud Security Principles - GOV.UK;https://www.gov.uk/government/publications/cloud-service-security-principles/cloud-service-security-principles;NA;NA;;

Risks and Threats

List wrapper
List item
L;isaca.org;Infographic: Cloud Computing Risk Intelligence Map - by Deloitte;http://www.isaca.org/Groups/Professional-English/governance-of-enterprise-it/GroupDocuments/Deloitte%20Risk%20Map%20for%20Cloud%20Computing.pdf;NA;NA;;
List item
L;businessnewsdaily.com;8 Reasons to Fear Cloud Computing;http://www.businessnewsdaily.com/5215-dangers-cloud-computing.html;NA;NA;;
List item
L;datacenterknowledge.com;A Look At The Risks of Cloud Computing;http://www.datacenterknowledge.com/archives/2012/12/05/the-cloudy-side-of-cloud-computing/;Bill Kleyman ;NA;;
List item
L;computer.howstuffworks.com;Are my files really safe if I store them in the cloud?;http://computer.howstuffworks.com/cloud-computing/files-safe-in-the-cloud.htm;NA;NA;;
List item
L;isaca.org;Cloud Computing Risk Assessment: A Case Study;http://www.isaca.org/Journal/archives/2011/Volume-4/Pages/Cloud-Computing-Risk-Assessment-A-Case-Study.aspx;NA;NA;;
List item
L;ieeexplore.ieee.org;Cloud computing security threats and responses;http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6014715;NA;NA;;
List item
L;ieeexplore.ieee.org;Impact of security risks on cloud computing adoption;http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6120232;Murat Kantarcioglu ;NA;;

Strategy

List wrapper
List item
L;intel.com;Cloud Security Issues and Insights for IT Strategic Planning (Video);http://www.intel.com/content/www/us/en/cloud-computing/cloud-security-peer-research-video.html;NA;NA;;
List item
L;ibm.com;Craft a cloud service security policy;http://www.ibm.com/developerworks/cloud/library/cl-cloudsecurepolicy/;NA;NA;;
List item
L;cloudindustryforum.org;How to Draw Up a Comprehensive Cloud Security Policy;https://www.cloudindustryforum.org/file/100/download?token=qYHs-_6H;NA;NA;;
List item
L;www4.akamai.com;INTERNET CONNECTION SPEED RISES; GLOBAL AVERAGE INCREASES NEARLY 10 PERCENT;http://www4.akamai.com/html/solutions/cloud-security-ddos-mitigation.html;NA;NA;;
List item
L;enisa.europa.eu;PDF: Cloud Security Risks and Opportunities for SMEs;https://www.enisa.europa.eu/publications/cloud-security-guide-for-smes;NA;NA;;

Security Techniques and Solutions

List wrapper
List item
L;ieeexplore.ieee.org;Security threats in cloud computing;http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6148380;NA;NA;;
List item
L;blogs.cisco.com;The Top 5 Security Risks of Cloud Computing;http://blogs.cisco.com/smallbusiness/the-top-5-security-risks-of-cloud-computing;
Jeff Beckham;NA;;
List item
L;theguardian.com;Can cloud computing be secure? Six ways to reduce risk and protect data;http://www.theguardian.com/media-network/media-network-blog/2013/sep/05/cloud-computing-security-protect-data;Gretchen Marx;NA;;
List item
L;spaces.internet2.edu;Cloud Computing Security - 2014 Information Security Guide;https://spaces.internet2.edu/display/2014infosecurityguide/Cloud+Computing+Security;NA;NA;;
List item
L;searchsecurity.techtarget.com;How to Secure Cloud Computing - Information Security Magazine;http://searchsecurity.techtarget.com/magazineContent/How-to-Secure-Cloud-Computing;NA;NA;;
List item
L;intel.com;Seven Steps for Building Security in the Cloud from the Ground Up;http://www.intel.com/content/dam/www/public/us/en/documents/guides/cloud-security-checklist-planning-guide.pdf;NA;NA;;
List item
L;journalofcloudcomputing.com;A quantitative analysis of current security
concerns and solutions for cloud computing;http://www.journalofcloudcomputing.com/content/pdf/2192-113X-1-11.pdf;NA;NA;;

Cloud Models

List wrapper
List item
L;blog.parallels.com;Cloud Computing Security - Public vs. Private Cloud Computing;http://blog.parallels.com/2014/10/06/cloud-computing-security/;NA;NA;;
List item
L;cyberark.com;Eliminate security gaps across public, private, hybrid cloud and SaaS environments;http://www.cyberark.com/solutions/security-risk-management/cloud-virtualization-security/;NA;NA;;

Data Security

List wrapper
List item
L;blink.ucsd.edu;Cloud security and your data;http://blink.ucsd.edu/technology/security/cloud-security.html;Anand Bagmar;NA;;
List item
L;eprint.iacr.org;Ensuring Data Storage Security in Cloud Computing;https://eprint.iacr.org/2009/081.pdf;NA;NA;;
List item
L;biorxiv.org;Practical Guidelines for Secure Cloud Computing using Genomic Data;http://biorxiv.org/content/early/2015/12/20/034876;NA;NA;;

Legal and Government

List wrapper
List item
L;nist.gov;NIST Publishes Draft Cloud Computing Security Document for Comment;http://www.nist.gov/itl/csd/cloud-061113.cfm;Evelyn Brown ;NA;;
List item
L;cchs.gwu.edu;Cloud Computing Risks and National Security;https://cchs.gwu.edu/cloud-computing-risks-and-national-security;Alex Siminiuc;NA;;
List item
L;businessinsurance.com;Cloud computing risks generally covered by cyber insurance;http://www.businessinsurance.com/article/99999999/NEWS070101/399999809;NA;NA;;
List item
L;theconversation.com;Get off my cloud: when privacy laws meet cloud computing;http://theconversation.com/get-off-my-cloud-when-privacy-laws-meet-cloud-computing-21001;NA;NA;;
List item
L;enisa.europa.eu;PDF: Security Framework for Governmental Clouds;https://www.enisa.europa.eu/publications/security-framework-for-governmental-clouds;NA;NA;;

Specific Environments

List wrapper
List item
L;thinkmind.org;Cloud Providers - A Security Policy for Cloud Providers;https://www.thinkmind.org/download.php?articleid=icimp_2014_1_30_30012;Dimitra Georgiou;NA;;
List item
L;incapsula.com;Cloud-Based Services - Top 10 security concerns for cloud-based services;https://www.incapsula.com/blog/top-10-cloud-security-concerns.html;NA;NA;;
List item
L;redmondmag.com;Enterprise - Top Security Threats Still Plaguing Enterprise Cloud Adoption;https://redmondmag.com/articles/2014/11/01/intensified-risk.aspx;NA;NA;;
List item
L;intel.com;Healthcare - Secure Cloud for Healthcare Data;http://www.intel.com/content/www/us/en/healthcare-it/secure-cloud-for-healthcare-data.html;NA;NA;;
List item
L;ibm.com;IBM Point of View:
Security and Cloud Computing;http://www.ibm.com/ibm/files/K741953W02854Z25/18Security_and_Cloud_Computing_382KB.pdf;NA;NA;;
List item
L;businessnewsdaily.com;Small Business - Cloud Computing: A Small Business Guide;http://www.businessnewsdaily.com/4427-cloud-computing-small-business.html;NA;NA;;
List item
L;incapsula.com;What is SQL Injection?;https://www.incapsula.com/web-application-security/sql-injection.html;NA;NA;;

Academic Papers

List wrapper
List item
L;uir.ulster.ac.uk;Cloud Computing Security - what cloud computing is, the various cloud deployment models and the main security risks
and issues that are currently present within the cloud computing industry.;http://uir.ulster.ac.uk/20675/3/ijacivol3no1.pdf;NA;NA;;
List item
L;hindawi.com;Data Security and Privacy in Cloud Computing;http://www.hindawi.com/journals/ijdsn/2014/190903/;NA;NA;;
List item
L;igi-global.com;Journal Article: Security Issues for Cloud Computing - Security & Forensic IS&T;http://www.igi-global.com/article/security-issues-cloud-computing/46102;NA;NA;;
List item
L;utd.edu;Security Issues for Cloud Computing;http://www.utd.edu/~hamlen/hamlen-ijisp10.pdf;NA;NA;;
List item
L;academia.edu;Security Issues of Cloud Computing and Impacts to Enterprises;http://www.academia.edu/5914072/Security_Issues_of_Cloud_Computing_and_Impacts_to_Enterprises;Slaiman Nasrollah;NA;;

Examples

List wrapper
List item
L;finance.gov.au;Australian Government Cloud
Computing Policy;http://www.finance.gov.au/sites/default/files/australian-government-cloud-computing-policy-3.pdf;NA;NA;;
List item
L;safecomputing.umich.edu;University of Michigan - Cloud Computing and Information Security Policy;http://www.safecomputing.umich.edu/protect-um-data/cloud-security.php;NA;NA;;

Anchor
further_reading
further_reading

Further Reading

Further reading

Children Display
depth2
excerptTypesimple

Cta item
resourceID001

Cta item
resourceID002

Cta item
resourceID003