Cloud Security and Governance

Cloud Security and Governance: Who's on your cloud?

SUMNER BLOUNT
ROB ZANELLA
Copyright Date: 2010
Published by: IT Governance Publishing
Pages: 58
https://www.jstor.org/stable/j.ctt5hh63p
  • Cite this Item
  • Book Info
    Cloud Security and Governance
    Book Description:

    The rise of Cloud Computing, with services delivered “in the cloud”, offers businesses incredible power and flexibility. It promises the efficient use of human and financial capital resources, reducing infrastructure and operation costs. It proposes a model of computing that is effective at meeting the demands of business in a rapidly changing environment

    eISBN: 978-1-84928-091-4
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 2-4)
  2. FOREWORD
    (pp. 5-6)
    Michael Rasmussen

    Shifting paradigms introduce a period of fear, uncertainty and doubt.

    Organizations – as well as individual roles within the organization – find comfort in the old way of doing things, but are challenged to be innovative and leverage new approaches that bring agility, efficiency and effectiveness to enterprise operations. Cloud Computing is one of those paradigm shifts that is showing the power to completely revolutionize how technology delivers value to the business. It is aimed at the rapid provisioning and agility that business demands in its complex, dynamic and distributed business environment. It promises the efficient use of human and financial capital...

  3. PREFACE
    (pp. 7-7)
  4. ABOUT THE AUTHORS
    (pp. 8-9)
  5. ACKNOWLEDGEMENTS
    (pp. 10-10)
  6. Table of Contents
    (pp. 11-11)
  7. INTRODUCTION
    (pp. 12-12)

    From reading the trade press, and the vendor hype, one could conclude that Cloud Computing will revolutionize the way IT services are provided; or maybe not. The challenge is to separate the potentially significant business benefits that it can provide, from the hype and hyperbole that have often surrounded it.

    One of the most difficult challenges related to Cloud Computing, revolves around the security and compliance issues associated with it. This is not surprising, since moving a company’s key applications, their IT infrastructure, or their corporate and customer information to either an internal or external Cloud provider has risks. For...

  8. CHAPTER 1: CLOUD COMPUTING – A REFRESHER
    (pp. 13-22)

    Before we delve into Cloud security, let’s look at some key concepts relating to Cloud Computing.

    A definition of Cloud Computing is somewhat in the eye of the beholder. The definition that is generally accepted is from the National Institute of Standards and Technology (NIST), as follows:

    Cloud Computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

    There are several aspects of Cloud Computing that help define and categorize...

  9. CHAPTER 2: CLOUD SECURITY AND COMPLIANCE – SETTING THE STAGE
    (pp. 23-30)

    We have already considered some of the advantages that Cloud Computing can provide to most IT environments. Why, then, is there not a stampede to adopt this model of computing? Often, the most commonly expressed reasons are concerns about security, privacy and compliance. When one considers moving to the Cloud, the first thing most people worry about is whether their data will be secure, how their applications will be protected from inappropriate access by unauthorized persons, and how they can ensure that they will remain compliant with key security-related regulations and mandates. To illustrate the prevalence of these concerns, a...

  10. CHAPTER 3: SECURITY AND PRIVACY IN THE CLOUD
    (pp. 31-44)

    As we learned earlier, security and compliance are two of the primary inhibitors in Cloud adoption, as many enterprises feel that they would be sacrificing a known level of security (good or bad) for a relatively unknown level, as part of a move to a Cloud model. These concerns are based on understandable resistance to move critical security functions to an outside provider.

    This chapter highlights the security and privacy considerations to keep in mind when planning your Cloud strategy. The best solution to each issue is specific to your own requirements and business goals, but by highlighting these issues,...

  11. CHAPTER 4: COMPLIANCE IN THE CLOUD
    (pp. 45-51)

    As we have seen already, some of the most difficult compliance challenges are in the area of security. However, Cloud compliance has several important challenges that do not relate specifically to security. The solutions to these problems are not just technological, but also involve legal experts, auditors and global regulatory analysts. Some of the key compliance challenges that you will need to address with your Cloud providers include:

    Compliance in a multinational enterprise can be very complex. It’s not unlike having 10 direct managers, each of which is telling you to do something different. There can be significant overlap between...

  12. CHAPTER 5: RECOMMENDATIONS FOR EFFECTIVE CLOUD SECURITY AND COMPLIANCE
    (pp. 52-55)

    We have looked at some key issues that you will face as you move your IT environment to the Cloud, categorized as security, compliance and legal issues. Because the areas of security and compliance often represent the biggest inhibitors to adoption of Cloud Computing, and because the potential impacts of problems in these areas are so profound, it is essential that you carefully identify your requirements in these areas, perform extensive due diligence to ensure that your Cloud provider can meet those requirements, and work with your provider to develop and monitor processes that will help you both succeed.

    Here...

  13. ITG RESOURCES
    (pp. 56-58)