In considering all the positive advantages that moving to the cloud would convey, as described in the Introduction, one critical aspect remains. Users of cloud services are responsible for the security of their own information and applications. While security is certainly part of a cloud service, the extent of that service, the breadth and depth of that service, and the delivery of that service as applied in respect to an individual user, is not the same as your personal interest in, and responsibility for, security.

The following pages address in detail, and from the viewpoint of the user, crucial aspects of security in the cloud. They are:

Access Control

How to ensure that information is accessible only by its intended users and is not accessible to anyone else. Specific topics include:

  • Passwords
  • Multi-Factor Authentication (MFA)
  • PKI
  • Shared Identity Service


How to ensure that information and applications are not altered or deleted. Specific topics include:

Technical Methods

  • Data encryption
  • Checksums
  • Hashes
  • Digital signatures
  • Blockchain

Operational Methods

  • Access logs
  • Monitoring


How to ensure that information is accessible to the intended users when needed. Specific topics include:

  • Backup and Recovery
  • Disaster Recovery
  • Continuity of Operations Plan (COOP)


How to ensure that cloud security objectives are being satisfied. Specific topics include:

  • Governance Approach
  • Accreditation
  • Monitoring: Intrusion Detection, AntiVirus
  • Audit
  • Security Analytics: Performance, Provisioning, Metrics, SLAs

Continue to Access Control.