Topics
Concerns

Concerns

In considering all the positive advantages that moving to the cloud would convey, as described in the Introduction, one critical aspect remains. Users of cloud services are responsible for the security of their own information and applications. While security is certainly part of a cloud service, the extent of that service, the breadth and depth of that service, and the delivery of that service as applied in respect to an individual user, is not the same as your personal interest in, and responsibility for, security.

The following pages address in detail, and from the viewpoint of the user, crucial aspects of security in the cloud. They are:

Access Control

How to ensure that information is accessible only by its intended users and is not accessible to anyone else. Specific topics include:

  • Passwords
  • Multi-Factor Authentication (MFA)
  • PKI
  • Shared Identity Service

Integrity

How to ensure that information and applications are not altered or deleted. Specific topics include:

Technical Methods

  • Data encryption
  • Checksums
  • Hashes
  • Digital signatures
  • Blockchain

Operational Methods

  • Access logs
  • Monitoring

Availability

How to ensure that information is accessible to the intended users when needed. Specific topics include:

  • Backup and Recovery
  • Disaster Recovery
  • Continuity of Operations Plan (COOP)

Compliance

How to ensure that cloud security objectives are being satisfied. Specific topics include:

  • Governance Approach
  • Accreditation
  • Monitoring: Intrusion Detection, AntiVirus
  • Audit
  • Security Analytics: Performance, Provisioning, Metrics, SLAs

Continue to Access Control.