Politeknik Siber dan Sandi Negara

Knowledge Center of Cybersecurity and Cryptography


Securing the cloud: cloud computer security techniques and tactics

Winkler, Vic J.R. - Personal Name;

Contents

CHAPTER 1 Introduction to Cloud Computing and Security 1
Understanding Cloud Computing 1
Cloud Scale, Patterns, and Operational Efficiency 2
A Synergistic Trick 3
Elasticity, Shape Shifting, and Security 3
The IT Foundation for Cloud 4
Cloud Computing as Foundation for Cloud Services 5
Cloud Computing Qualities 7
The Bottom Line 8
An Historical View: Roots of Cloud Computing 10
Decentralization and Proliferation 10
Networking, The Internet, and The Web 11
Virtualization 12
A Brief Primer on Security: From 50,000 ft 13
Terminology and Principles 14
Risk Management 17
Security Must Become a Business Enabler 17
A Brief Primer on Architecture 18
Systems Engineering 19
IT Architecture 20
Security Architecture: A Brief Discussion 20
Defense in Depth 23
Cloud Is Driving Broad Changes 23
Cloud Works Today 24
Valid Concerns 25
Summary 26
Endnotes 26

CHAPTER 2 Cloud Computing Architecture 29
Cloud Reference Architecture 29
Revisiting Essential Characteristics 30
Cloud Service Models 33
Cloud Deployment Models 35
Control over Security in the Cloud Model 37
Cloud Application Programming Interfaces 39
Making Sense of Cloud Deployment 39
Public Clouds 40
Private Clouds 40
Community Clouds 41
Hybrid Clouds 41
Making Sense of Services Models 43
Cloud Software-as-a-Service 43
Cloud Platform-as-a-Service 43
Cloud Infrastructure-as-a-Service 43
How Clouds Are Formed and Key Example 44
Using Virtualization to Form Clouds 45
Using Application or Services to Form Clouds 48
Real-World Cloud Usage Scenarios 49
Virtualization Formed Clouds 49
Application/Service Formed Clouds 51
Hybrid Cloud Models 52
Summary 52
Endnotes 52

CHAPTER 3 Security Concerns, Risk Issues, and Legal Aspects 55
Cloud Computing: Security Concerns 56
A Closer Examination: Virtualization 57
A Closer Examination: Provisioning 62
A Closer Examination: Cloud Storage 64
A Closer Examination: Cloud Operation, Security, and Networking 66
Assessing Your Risk Tolerance in Cloud Computing 67
Assessing the Risk 68
Information Assets and Risk 69
Privacy and Confidentiality Concerns 70
Data Ownership and Locale Concerns 71
Auditing and Forensics 72
Emerging Threats 73
So, Is It Safe? 73
Legal and Regulatory Issues 74
Third Parties 75
Data Privacy 79
Litigation 84
Summary 85
Endnotes 87

CHAPTER 4 Securing the Cloud: Architecture 89
Security Requirements for the Architecture 91
Physical Security 91
Cloud Security Standards and Policies 93
Cloud Security Requirements 94
Security Patterns and Architectural Elements 102
Defense In-depth 102
Honeypots 104
Sandboxes 104
Network Patterns 104
The Importance of a CMDB 107
Cabling Patterns 109
Resilience and Grace 110
Planning for Change 111
Cloud Security Architecture 111
Cloud Maturity and How It Relates to Security 112
Jericho Forum 113
Representative Commercial Cloud Architectures 114
Representative Cloud Security Architectures 115
Planning Key Strategies for Secure Operation 121
Classifying Data and Systems 121
Define Valid Roles for Cloud Personnel and Customers 122
Summary 123
Endnotes 123

CHAPTER 5 Securing the Cloud: Data Security 125
Overview of Data Security in Cloud Computing 125
Control over Data and Public Cloud Economics 126
Organizational Responsibility: Ownership and Custodianship 127
Data at Rest 128
Data in Motion 130
Common Risks with Cloud Data Security 130
Data Encryption: Application and Limits 132
Overview of Cryptographic Techniques 133
Common Mistakes or Errors with Data Encryption 135
Cloud Data Security: Sensitive Data Categorization 137
Authentication and Identity 137
Access Control Techniques 138
Data Categorization and the Use of Data Labels 140
Application of Encryption for Data at Rest 141
Application of Encryption for Data in Motion 142
Impediments to Encryption in the Cloud 143
Deletion of Data 143
Data Masking 144
Cloud Data Storage 145
Cloud Lock-in (the Roach Motel Syndrome) 146
Metadata 148
Avoiding Cloud Lock-in (the Roach Motel Syndrome) 149
Summary 150
Endnotes 151

CHAPTER 6 Securing the Cloud: Key Strategies and Best Practices 153
Overall Strategy: Efficiently Managing Risk 154
Risk Management: Stages and Activities 154
Overview of Security Controls 156
Cloud Security Controls Must Meet Your Needs 156
NIST Definitions for Security Controls 157
Unclassified Models 158
Classified Models 160
The Cloud Security Alliance Approach 161
The Limits of Security Controls 162
Security Exposure Will Vary over Time 164
Exploits Don’t Play Fair 164
Best Practices 165
Best Practices for Cloud Computing: First Principals 165
Best Practices across the Cloud Community 170
Other Best Practices for Cloud Computing: Cloud Service Consumers 172
Other Best Practices for Cloud Computing: Cloud Service Providers 173
Security Monitoring 174
The Purpose of Security Monitoring 176
Transforming an Event Stream 177
The Need for C.I.A. in Security Monitoring 183
The Opportunity for MaaS 184
Summary 184
Endnotes 185

CHAPTER 7 Security Criteria: Building an Internal Cloud 187
Private Clouds: Motivation and Overview 187
Security Implication: Shared versus Dedicated Resources 189
Considerations for Achieving Cost Savings 190
Private Clouds: The Castle Keep? 193
Analysis to Support Architecture Decisions 194
Security Criteria for Ensuring a Private Cloud 195
Network Considerations 196
Data Center Considerations 202
Operational Security Considerations 206
Regulation 208
Summary 209
Endnotes 210

CHAPTER 8 Security Criteria: Selecting an External Cloud Provider 211
Selecting a CSP: Overview of Assurance 211
Vendor Claims and Independent Verification 212
Selecting a CSP: Vendor Transparency 215
Selecting a CSP: Overview of Risks 217
Risk Will Vary by Customer and by CSP 217
Assessing Risk Factors 218
Selecting a CSP: Security Criteria 224
Security Criteria: Revisiting Defense-in-depth 225
Security Criteria: Other Considerations 229
Additional Security-relevant Criteria 229
Summary 232
Endnotes 232

CHAPTER 9 Evaluating Cloud Security: An Information Security Framework 233
Evaluating Cloud Security 234
Existing Work on Cloud Security Guidance or Frameworks 235
Checklists for Evaluating Cloud Security 237
Foundational Security 238
Business Considerations 240
Defense-in-depth 242
Operational Security 246
Metrics for the Checklists 249
Summary 249
Endnotes 250

CHAPTER 10 Operating a Cloud 253
From Architecture to Efficient and Secure Operations 255
The Scope of Planning 255
Physical Access, Security, and Ongoing Costs 256
Logical and Virtual Access 257
Personnel Security 257
From the Physical Environment to the Logical 259
Bootstrapping Secure Operations 260
The Refinement of Procedures and Processes over Time 260
Efficiency and Cost 260
Security Operations Activities 262
Server Builds 263
Business Continuity, Backup, and Recovery 265
Managing Changes in Operational Environments 266
Information Security Management 269
Vulnerability and Penetration Testing 270
Security Monitoring and Response 271
Best Practices 274
Resilience in Operations 275
Summary 275
Endnotes 277


Availability

Perpustakaan Poltek SSN (Shelf 000), 004.6782 WIN s, b0000642: Available
Perpustakaan Poltek SSN (Shelf 000), 004.6782 WIN s/2, b0001387: Available

Detail Information

Series Title: --
Call Number: 004.6782 WIN s
Publisher: Massachusetts : Syngress, 2011
Collation: xxiv, 290 pp.; illus.; 24 cm
Language: English
ISBN/ISSN: 9781597495929
Classification: 004.6782
Content Type: -
Media Type: -
Carrier Type: -
Edition: --
Subject(s): Cloud computing -- Security measures
Specific Detail Info: --
Statement of Responsibility: Vic J.R. Winkler
Other version/related: No other version available
File Attachment: No Data