DOCSLIB.ORG

Security Guidance for Critical Areas of Focus in Cloud Computing V4.0

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

The permanent and official location for Cloud Security Alliance’security S Guidance for Critical Areas of Focus in Cloud Computing v4.0 is https://cloudsecurityalliance.org/download/security- guidance-v4/. Official Study Guide for the © 2017 Cloud Security Alliance – All Rights Reserved. The Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 (“Guidance v4.0”) is licensed by the Cloud Security Alliance under a Creative Commons Attribution-NonCommercial- ShareAlike 4.0 International License (CC-BY-NC-SA 4.0). Sharing - You may share and redistribute the Guidance in any medium or any format, only for non- commercial purposes. Adaptation - You may adapt, transform, modify and build upon the Guidance v4 and distribute the modified Guidance v4.0, only for non-commercial purposes. Attribution - You must give credit to the Cloud Security Alliance, link to Guidance v4.0 webpage located at https://cloudsecurityalliance.org/download/security-guidance-v4/, and indicate whether changes were made. You may not suggest that CSA endorsed you or your use. Share-Alike - All modifications and adaptations must be distributed under the same license as the original Guidance v4.0. No additional restrictions - You may not apply legal terms or technological measures that restrict others from doing anything that this license permits. Commercial Licenses - If you wish to adapt, modify, share or distribute copies of the Guidance v4.0 for revenue generating purposes you must first obtain an appropriate license from the Cloud Security Alliance. Please contact us at [email protected]. Notices: All trademark, copyright or other notices affixed onto the Guidance v4.0 must be reproduced and may not be removed. Security Guidance v4.0 © Copyright 2017, Cloud Security Alliance. All rights reserved 2 FOREWORD Welcome to the fourth version of the Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing. The rise of cloud computing as an ever-evolving technology brings with it a number of opportunities and challenges. With this document, we aim to provide both guidance and inspiration to support business goals while managing and mitigating the risks associated with the adoption of cloud computing technology. The Cloud Security Alliance promotes implementing best practices for providing security assurance within the domain of cloud computing and has delivered a practical, actionable roadmap for organizations seeking to adopt the cloud paradigm. The fourth version of the Security Guidance for Critical Areas of Focus in Cloud Computing is built on previous iterations of the security guidance, dedicated research, and public participation from the Cloud Security Alliance members, working groups, and the industry experts within our community. This version incorporates advances in cloud, security, and supporting technologies; reflects on real-world cloud security practices; integrates the latest Cloud Security Alliance research projects; and offers guidance for related technologies. The advancement toward secure cloud computing requires active participation from a broad set of globally-distributed stakeholders. CSA brings together this diverse community of industry partnerships, international chapters, working groups, and individuals. We are profoundly grateful to all who contributed to this release. Please visit cloudsecurityalliance.com to learn how you can work with us to identify and promote best practices to ensure a secure cloud computing environment. Best regards, Luciano (J.R.) Santos Executive Vice President of Research Cloud Security Alliance Security Guidance v4.0 © Copyright 2017, Cloud Security Alliance. All rights reserved 3 ACKNOWLEDGEMENTS Lead Authors Rich Mogull James Arlen Francoise Gilbert Adrian Lane David Mortman Gunnar Peterson Mike Rothman Editors John Moltz Dan Moren Evan Scoboria CSA Staff Jim Reavis Luciano (J.R.) Santos Hillary Baron Ryan Bergsma Daniele Catteddu Victor Chin Frank Guanco Stephen Lumpe (Design) John Yeoh Contributors On behalf of the CSA Board of Directors and the CSA Executive Team, we would like to thank all of the individuals who contributed time and feedback to this version of the CSA Security Guidance for Critical Areas of Focus in Cloud Computing. We value your volunteer contributions and believe that the devotion of volunteers like you will continue to lead the Cloud Security Alliance into the future. Security Guidance v4.0 © Copyright 2017, Cloud Security Alliance. All rights reserved 4 LETTER FROM THE CEO I am thrilled by this latest contribution to the community’s knowledge base of cloud security best practices that began with Cloud Security Alliance’s initial guidance document released in April of 2009. We hope that you will carefully study the issues and recommendations outlined here, compare with your own experiences and provide us with your feedback. A big thank you goes out to all who participated in this research. Recently, I had the opportunity to spend a day with one of the industry experts who helped found Cloud Security Alliance. He reflected that for the most part CSA has completed its initial mission, which was to prove that cloud computing could be made secure and to provide the necessary tools to that end. Not only did CSA help make cloud computing a credible secure option for information technology, but today cloud computing has become the default choice for IT and is remaking the modern business world in very profound ways. The resounding success of cloud computing and CSA’s role in leading the trusted cloud ecosystem brings with it even greater challenges and urgency into our renewed mission. Cloud is now becoming the back end for all forms of computing, including the ubiquitous Internet of Things. Cloud computing is the foundation for the information security industry. New ways of organizing compute, such as containerization and DevOps are inseparable from cloud and accelerating our revolution. At Cloud Security Alliance, we are committed to providing you the essential security knowledge you need for this fast moving IT landscape and staying at the forefront of next-generation assurance and trust trends. We welcome your participation in our community, always. Best regards, Jim Reavis Co-Founder & CEO Cloud Security Alliance Security Guidance v4.0 © Copyright 2017, Cloud Security Alliance. All rights reserved 5 TABLE OF CONTENTS DOMAIN 1 DOMAIN 2 DOMAIN 3 DOMAIN 4 Cloud Computing Governance and Enterprise Legal Issues, Contracts and Compliance and Concepts and Architectures Risk Management Electronic Discovery Audit Management DOMAIN 5 DOMAIN 6 DOMAIN 7 DOMAIN 8 Information Governance Management Plane and Infrastructure Virtualization and Containers Business Continuity Security DOMAIN 9 DOMAIN 10 DOMAIN 11 DOMAIN 12 Incident Response Application Security Data Security and Encryption Identity, Entitlement, and Access Management DOMAIN 13 DOMAIN 14 Security as a Service Related Technologies Security Guidance v4.0 © Copyright 2017, Cloud Security Alliance. All rights reserved 6 DOMAIN 1 Cloud Computing Concepts and Architectures 1.0 Introduction This domain provides the conceptual framework for the rest of the Cloud Security Alliance’s guidance. It describes and defines cloud computing, sets our baseline terminology, and details the overall logical and architectural frameworks used in the rest of the document. There are many different ways of viewing cloud computing: It’s a technology, a collection of technologies, an operational model, a business model, just to name a few. It is, at its essence, transformative and disruptive. It’s also growing very, very quickly, and shows no signs of slowing down. While the reference models we included in the first version of this Guidance are still relatively accurate, they are most certainly no longer complete. And even this update can’t possibly account for every possible evolution in the coming years. Cloud computing offers tremendous potential benefits inagility , resiliency, and economy. Organizations can move faster (since they don’t have to purchase and provision hardware, and everything is software defined), reduce downtime (thanks to inherent elasticity and other cloud characteristics), and save money (due to reduced capital expenses and better demand and capacity matching). We also see security benefits since cloud providers have significant economic incentives to protect customers. However, these benefits only appear if you understand and adoptcloud-native models and adjust your architectures and controls to align with the features and capabilities of cloud platforms. In fact, taking an existing application or asset and simply moving it to a cloud provider without any changes will often reduce agility, resiliency, and even security, all while increasing costs. The goal of this domain is to build the foundation that the rest of the document and its recommendations are based on. The intent is to provide a common language and understanding of cloud computing for security professionals, begin highlighting the differences between cloud and traditional computing, and help guide security professionals towards adopting cloud-native approaches that result in better security (and those other benefits), instead of creating more risks. Security Guidance v4.0 © Copyright 2017, Cloud Security Alliance. All rights reserved 7 This domain includes 4 sections: • Defining cloud computing • The cloud logical model • Cloud conceptual, architectural, and reference model • Cloud security and compliance scope,
Recommended publications
  • Emerging Issues & Challenges in Cloud Computing—A Hybrid

    Emerging Issues & Challenges in Cloud Computing—A Hybrid

    Journal of Software Engineering and Applications, 2012, 5, 923-937 923 http://dx.doi.org/10.4236/jsea.2012.531107 Published Online November 2012 (http://www.SciRP.org/journal/jsea) Emerging Issues & Challenges in Cloud Computing— A Hybrid Approach Yaser Ghanam, Jennifer Ferreira, Frank Maurer Department of Computer Science, University of Calgary, Calgary, Canada. Email: [email protected] Received October 16th, 2012; revised November 17th, 2012; accepted November 26th, 2012 ABSTRACT As cloud computing continues to gain more momentum in the IT industry, more issues and challenges are being re- ported by academics and practitioners. In this paper, we aim to attain an understanding of the types of issues and chal- lenges that have been emerging over the past five years and identify gaps between the focus of the literature and what practitioners deem important. A systematic literature review as well as interviews with experts have been conducted to answer our research questions. Our findings suggest that researchers have been mainly focusing on issues related to security and privacy, infrastructure, and data management. Interoperability across different service providers has also been an active area of research. Despite the significant overlap between the topics being discussed in the literature and the issues raised by the practitioners, our findings show that some issues and challenges that practitioners consider im- portant are understudied such as software related issues, and challenges pertaining to learning fast-evolving technologies. Keywords: Cloud Computing; Issues; Challenges; Systematic Literature Review 1. Introduction RQ2. How has the interest in different types of issues and challenges evolved over the past five years? With unprecedented adoption in industry over the past RQ3.
  • AWS Risk and Compliance Whitepaper for Additional Details - Policy Available At

    AWS Risk and Compliance Whitepaper for Additional Details - Policy Available At

    Amazon Web Services: Risk and Compliance January 2017 (Consult http://aws.amazon.com/compliance/resources for the latest version of this paper) Amazon Web Services Risk and Compliance January 2017 This document is intended to provide information to assist AWS customers with integrating AWS into their existing control framework supporting their IT environment. This document includes a basic approach to evaluating AWS controls and provides information to assist customers with integrating control environments. This document also addresses AWS-specific information around general cloud computing compliance questions. Table of Contents Risk and Compliance Overview .......................................................................................................................3 Shared Responsibility Environment ............................................................................................................................................... 3 Strong Compliance Governance ...................................................................................................................................................... 4 Evaluating and Integrating AWS Controls ...................................................................................................4 AWS IT Control Information ........................................................................................................................................................... 5 AWS Global Regions .........................................................................................................................................................................
  • Towards Efficient Migration for Elastic And

    Towards Efficient Migration for Elastic And

    UCSB Computer Science Technical Report 2010-05. Who’s Driving this Cloud? Towards Efficient Migration for Elastic and Autonomic Multitenant Databases Aaron Elmore Sudipto Das Divyakant Agrawal Amr El Abbadi Department of Computer Science University of California, Santa Barbara, CA, USA {aelmore, sudipto, agrawal, amr}@cs.ucsb.edu Abstract emerging class of applications and managing their data. Sharing The success of cloud computing as a platform for deploying web- the underlying data management infrastructure amongst a pool of applications has led to a deluge of applications characterized by tenants is thus essential for efficient use of resources and low cost small data footprints but unpredictable access patterns. An auto- of operations. Large multitenant databases are therefore an inte- nomic and scalable multitenant database management system (DBMS) gral part of the infrastructure to serve such large number of small is therefore an important component of the software stack for plat- applications [16, 19, 20]. forms supporting these applications. Elastic load balancing is a The concept of a multitenant database has been predominantly key requirement for effective resource utilization and operational used in the context of Software as a Service (SaaS). The Sales- cost minimization. Efficient techniques for database migration are force.com model [19] is often cited as a canonical example of this thus essential for elasticity in a multitenant DBMS. Our vision service paradigm. However, various other models of multitenancy is a DBMS where multitenancy is viewed as virtualization in the in the database tier [14, 16] and their interplay with resource shar- database layer, and migration is a first class notion with the same ing in the various cloud paradigms (IaaS, PaaS, and SaaS) are often stature as scalability, availability etc.
  • CLOUD COMPUTING up - Coming Era in IT Punam Assistant Professor, Department of Computer Science, University College Miranpur, Patiala

    CLOUD COMPUTING up - Coming Era in IT Punam Assistant Professor, Department of Computer Science, University College Miranpur, Patiala

    TRJ VOL. 2 ISSUE 6 NOV-DEC 2016 ISSN: 2454-7301 (PRINT) | ISSN: 2454-4930 (ONLINE) CLOUD COMPUTING UP - Coming Era in IT Punam Assistant Professor, Department of Computer Science, University College Miranpur, Patiala Abstract- The Cloud computing is a term which is a set of Remotely hosted: Services or data are hosted on remote technologies that allows computing applications and data to systems which mean someone else’s infrastructure. be visible as a set of services from a group of essential Omnipresent: Services or data are available from resources. The establishment of cloud computing comprises anywhere. of data centres (servers, storage, networking), the business Commodified: The result is a utility computing model applications and middleware, virtualization software and for which is equivalent to traditional that of traditional sure operating systems. The cloud computing infrastructure utilities, like gas and electricity. You pay for what you consists of services that are offered up and delivered would like. through data centres that can be accessed from anywhere in II. CLOUD COMPUTING ISSUES: the world. Cloud computing is very much beneficial for businesses now a days because of its valuable features. It is a) Privacy well suited for small organizations where there is budget or Privacy is the key issue that should be kept in mind while infrastructure limitation. The key idea behind this new adopting cloud computing. In cloud computing the private information sharing technology is virtualization which data of a company that was stored in its data centres moves reduces the need to install hardware on each and every into a public cloud which is open for everyone.
  • Security of Cloud Computing in the Iot Era

    Security of Cloud Computing in the Iot Era

    future internet Article Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era Michele De Donno 1 , Alberto Giaretta 2, Nicola Dragoni 1,2 and Antonio Bucchiarone 3,∗ and Manuel Mazzara 4,∗ 1 DTU Compute, Technical University of Denmark, 2800 Kongens Lyngby, Denmark; [email protected] (M.D.D.); [email protected] (N.D.) 2 Centre for Applied Autonomous Sensor Systems Orebro University, 701 82 Orebro, Sweden; [email protected] 3 Fondazione Bruno Kessler, Via Sommarive 18, 38123 Trento, Italy 4 Institute of Software Development and Engineering, Innopolis University, Universitetskaya St, 1, 420500 Innopolis, Russian Federation * Correspondence: [email protected] (A.B.); [email protected] (M.M.) Received: 28 January 2019; Accepted: 30 May 2019; Published: 4 June 2019 Abstract: The Internet of Things (IoT) is rapidly changing our society to a world where every “thing” is connected to the Internet, making computing pervasive like never before. This tsunami of connectivity and data collection relies more and more on the Cloud, where data analytics and intelligence actually reside. Cloud computing has indeed revolutionized the way computational resources and services can be used and accessed, implementing the concept of utility computing whose advantages are undeniable for every business. However, despite the benefits in terms of flexibility, economic savings, and support of new services, its widespread adoption is hindered by the security issues arising with its usage. From a security perspective, the technological revolution introduced by IoT and Cloud computing can represent a disaster, as each object might become inherently remotely hackable and, as a consequence, controllable by malicious actors.
  • Implementation of a Mini-Cloud E-Learning Supplementary Tool by Using Free Tier AWS

    Implementation of a Mini-Cloud E-Learning Supplementary Tool by Using Free Tier AWS

    See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/333670196 Implementation of a Mini-cloud E-learning Supplementary Tool by Using free Tier AWS Conference Paper · June 2019 DOI: 10.15359/cicen.1.79 CITATIONS READS 0 148 2 authors: Manuel Espinoza Majid Bayani National University of Costa Rica National University of Costa Rica 1 PUBLICATION 0 CITATIONS 21 PUBLICATIONS 88 CITATIONS SEE PROFILE SEE PROFILE Some of the authors of this publication are also working on these related projects: IoT-Based Library Automation & monitoring System View project All content following this page was uploaded by Majid Bayani on 09 June 2019. The user has requested enhancement of the downloaded file. Implementation of a Mini-cloud E-learning Supplementary Tool by Using free Tier AWS Manuel Espinoza-Guerrero [email protected] Universidad Nacional Costa Rica Majid Bayani-Abbasy [email protected] Universidad Nacional Costa Rica Resumen Las técnicas de e-learning han mejorado el rendimiento en el sistema educativo moderno. Falta un sistema de gestión de e-learning efectivo y de bajo costo, y las herramientas podría tener un impacto negativo en el rendimiento educativo. La incorporación de tecnologías en línea en el proceso de aprendizaje puede cubrir esta desventaja. El sistema de nube de Amazon Web Service es una de las últimas tecnologías que ofrecen grandes volúmenes de servicios en las plataformas de aprendizaje electrónico. Accesando la capa gratuita de AWS, el sistema de gestión de aprendizaje (un Moodle con MYSQL), el alojamiento de archivos y los servicios de gestión de contenido se consideran herramientas complementarias que son viables mediante el uso de la plataforma AWS.
  • Cloud Security and Privacy: an Enterprise Perspective on Risks and Compliance Pdf, Epub, Ebook

    Cloud Security and Privacy: an Enterprise Perspective on Risks and Compliance Pdf, Epub, Ebook

    CLOUD SECURITY AND PRIVACY: AN ENTERPRISE PERSPECTIVE ON RISKS AND COMPLIANCE PDF, EPUB, EBOOK Tim Mather, Subra Kumaraswamy, Shahed Laitf | 338 pages | 20 Oct 2009 | O'Reilly Media, Inc, USA | 9780596802769 | English | Sebastopol, United States Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance PDF Book Data ownership. Cloud Compliance Summary An integrated compliance view gives the overall health score, the total number of checks against compliance, the number of passes, and classified failures based on severity levels. Follow Us. Language: English. Cloud computing is a multi million dollar business. Francisco Eduardo Alves rated it it was amazing Jun 29, Book is in NEW condition. View 3 excerpts, references background. Get A Copy. Skip to search form Skip to main content You are currently offline. Content protection. Ideal for IT staffers, information security and privacy practitioners, business managers, service providers, and investors alike, this book offers you sound advice from three well-known authorities in the tech security world. Error rating book. General privacy challenges of cloud computing One of these challenges in cloud computing is connected to the sensitivity of the entrusted information. With Cloud Security and Privacy you will: Review the current state of data security and storage in the cloud Learn about identity and access management IAM practices for cloud services Discover which security management frameworks and standards are relevant Understand how privacy in the cloud compares with traditional computing models Learn about standards and frameworks for audit and compliance within the cloud Examine security delivered as a service--a different facet of cloud security Advance Praise " Cloud Security and Privacy is the seminal tome to guide information technology professionals in their pursuit of trust in 'on-demand computing.
  • THE EMERGING CLOUD ECOSYSTEM: Cyber Security Plus LI/RD

    THE EMERGING CLOUD ECOSYSTEM: Cyber Security Plus LI/RD

    Day 2, Thursday, 2012 Jan 19, 09.00 hrs SESSION 4: Security in the Cloud THE EMERGING CLOUD ECOSYSTEM: cyber security plus LI/RD Tony Rutkowski, Yaana Technologies 7th ETSI Security Workshop, 18‐19 Jan 2011 © ETSI 2012. All rights reserved Outline Security as a Business opportunity: A winning driver to ensure technology success and increase confidence and trust amongst end‐users ! CtCurrent Clou d dldevelopment s Cyber security and LI/RD developments Business opportunities 2 ETSI/Security Workshop (7) S4 The Basics: a new cloud‐based global communications infrastructure is emerging Global network architectures are profoundly, rapidly changing • PSTNs/mobile networks are disappearing • Internet is disappearing • Powerful end user devices for virtual services are becoming ubiquitous • End user behavior is nomadic • Huge data centers optimized for virtual services combined with local access bandwidth are emerging worldwide as the new infrastructure These changes are real, compelling, and emerging rapidly Bringing about a holistic “cloud” ecosystem is occupying idindustry in almost every venue around the world 3 ETSI/Security Workshop (7) S4 The Basics: a new cloud‐virtualized global communications architecture Virtualized Line or air Access, IdM & transport Intercloud Other cloud virtualization services, devices interfaces cloud virtualization services services especially for application support Access, IdM & transport General services Intercloud General Access, IdM & transport services General Intercloud Access, IdM & transport services
  • Data Protection and Collaboration in Cloud Storage

    Data Protection and Collaboration in Cloud Storage

    Technical Report 1210 Charting a Security Landscape in the Clouds: Data Protection and Collaboration in Cloud Storage G. Itkis B.H. Kaiser J.E. Coll W.W. Smith R.K. Cunningham 7 July 2016 Lincoln Laboratory MASSACHUSETTS INSTITUTE OF TECHNOLOGY LEXINGTON, MASSACHUSETTS This material is based on work supported by the Department of Homeland Security under Air Force Contract No. FA8721-05-C-0002 and/or FA8702-15-D-0001. Approved for public release: distribution unlimited. This report is the result of studies performed at Lincoln Laboratory, a federally funded research and development center operated by Massachusetts Institute of Technology. This material is based on work supported by the Department of Homeland Security under Air Force Contract No. FA8721-05- C-0002 and/or FA8702-15-D-0001. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of Department of Homeland Security. © 2016 MASSACHUSETTS INSTITUTE OF TECHNOLOGY Delivered to the U.S. Government with Unlimited Rights, as defined in DFARS Part 252.227-7013 or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work. Massachusetts Institute of Technology Lincoln Laboratory Charting a Security Landscape in the Clouds: Data Protection and Collaboration in Cloud Storage G. Itkis B. Kaiser J. Coll W. Smith R.
  • NIST Cloud Computing Standards Roadmap

    NIST Cloud Computing Standards Roadmap

    Special Publication 500-291, Version 2 NIST Cloud Computing Standards Roadmap NIST Cloud Computing Standards Roadmap Working Group NIST Cloud Computing Program Information Technology Laboratory NIST CLOUD COMPUTING STANDARDS ROADMAP This page left intentionally blank ii NIST Special Publication 500-291, Version 2 (Supersedes Version 1.0, July 2011) NIST Cloud Computing Standards Roadmap NIST Cloud Computing Standards Roadmap Working Group July 2013 U. S. Department of Commerce Penny Pritzker, Secretary National Institute of Standards and Technology Patrick D. Gallagher, Under Secretary of Commerce for Standards and Technology and Director NIST CLOUD COMPUTING STANDARDS ROADMAP This page left intentionally blank iv NIST CLOUD COMPUTING STANDARDS ROADMAP Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in federal computer systems. This document reports on ITL’s research, guidance, and outreach efforts in Information Technology and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Special Publication 500-291 V2 Natl. Inst. Stand. Technol. Spec. Publ. 500-291, 108 pages (May 24, 2013) DISCLAIMER This document has been prepared by the National Institute of Standards and Technology (NIST) and describes standards research in support of the NIST Cloud Computing Program.
  • Security for Cloud Computing Ten Steps to Ensure Success Version 3.0

    Security for Cloud Computing Ten Steps to Ensure Success Version 3.0

    Security for Cloud Computing Ten Steps to Ensure Success Version 3.0 December, 2017 Contents Acknowledgements 3 Revisions 3 Introduction 4 Cloud Security Landscape 5 Cloud Security Guidance 7 Step 1: Ensure effective governance, risk and compliance processes exist 8 Step 2: Audit operational and business processes 11 Step 3: Manage people, roles and identities 14 Step 4: Ensure proper protection of data 17 Step 5: Enforce privacy policies 20 Step 6: Assess the security provisions for cloud applications 22 Step 7: Ensure cloud networks and connections are secure 25 Step 8: Evaluate security controls on physical infrastructure and facilities 31 Step 9: Manage security terms in the cloud service agreement 32 Step 10: Understand the security requirements of the exit process 34 Cloud Security Assessment 35 Works Cited 38 Additional References 41 Appendix A: Distinctions Between Security and Privacy 42 Appendix B: Worldwide Privacy Regulations 43 Appendix C: Acronyms & Abbreviations 47 Copyright © 2017 Cloud Standards Customer Council Page 2 © 2017 Cloud Standards Customer Council. All rights reserved. You may download, store, display on your computer, view, print, and link to the Security for Cloud Computing: Ten Steps to Ensure Success white paper at the Cloud Standards Customer Council Web site subject to the following: (a) the document may be used solely for your personal, informational, non-commercial use; (b) the document may not be modified or altered in any way; (c) the document may not be redistributed; and (d) the trademark, copyright or other notices may not be removed. You may quote portions of the document as permitted by the Fair Use provisions of the United States Copyright Act, provided that you attribute the portions to the Cloud Standards Customer Council Security for Cloud Computing: Ten Steps to Ensure Success Version 3.0 (2017).
  • Ph.D. Thesis Security Policies for Cloud Computing Dimitra A. Georgiou

    Ph.D. Thesis Security Policies for Cloud Computing Dimitra A. Georgiou

    UNIVERSITΥ OF PIRAEUS ΠΑΝΕΠΙΣΤΗΜΙΟ ΠΕΙΡΑΙΩΣ School of Information and Communication Technologies Department of Digital Systems Systems Security Laboratory Ph.D. Thesis Security Policies for Cloud Computing A dissertation submitted for the degree of Doctor of Philosophy in Computer Science By Dimitra A. Georgiou PIRAEUS 2017 Advisory Committee Costas Lambrinoudakis, Professor (Supervisor) University of Piraeus -------------------------------------------------------------------------------- Sokratis Katsikas, Professor University of Piraeus -------------------------------------------------------------------------------- Christos Xenakis, Associate Professor University of Piraeus -------------------------------------------------------------------------------- UNIVERSITY OF PIRAEUS 2017 2 Examination Committee Costas Lambrinoudakis, Professor University of Piraeus -------------------------------------------------------------------------------- Sokratis Katsikas, Professor University of Piraeus -------------------------------------------------------------------------------- Christos Xenakis, Associate Professor University of Piraeus -------------------------------------------------------------------------------- Stefanos Gritzalis, Professor University of the Aegean (Member) -------------------------------------------------------------------------------- Spyros Kokolakis, Associate Professor University of the Aegean (Member) -------------------------------------------------------------------------------- Aggeliki Tsohou, Assistant Professor