Security Guidance for Critical Areas of Focus in Cloud Computing

Published by Shahid N. Shah
Security Guidance for Critical Areas of Focus in Cloud Computing. Prepared by the Cloud Security Alliance April 2009.

Outlines areas of concern and guidance for organizations adopting cloud computing. The intention is to provide security practitioners with a comprehensive roadmap for being proactive in developing positive and secure relationships with cloud providers. Much of this guidance is also quite relevant to the cloud provider to improve the quality and security of their service offerings.

Published by: Shahid N. Shah on May 07, 2009
Copyright: Attribution Non-commercial

Security Guidance for Critical Areas of Focus in Cloud Computing
Prepared by the Cloud Security Alliance
April 2009

Copyright © 2009 Cloud Security Alliance
Table of Contents

Foreword
Acknowledgments
Introduction
Executive Summary and Key Guidance
Section I. Cloud Architecture
    Domain 1: Cloud Computing Architectural Framework
Section II. Governing in the Cloud
    Domain 2: Governance and Enterprise Risk Management
    Domain 3: Legal
    Domain 4: Electronic Discovery
    Domain 5: Compliance and Audit
    Domain 6: Information Lifecycle Management
    Domain 7: Portability and Interoperability
Section III. Operating in the Cloud
    Domain 8: Traditional Security, Business Continuity and Disaster Recovery
    Domain 9: Data Center Operations
    Domain 10: Incident Response, Notification and Remediation
    Domain 11: Application Security
    Domain 12: Encryption and Key Management
    Domain 13: Identity and Access Management
    Domain 14: Storage
    Domain 15: Virtualization
Appendix A. Contact Information
 
Foreword
Welcome to the Cloud Security Alliance’s initial report, “Security Guidance for Critical Areas of Focus in Cloud Computing”. From our first organizing meeting in Silicon Valley in early December of 2008, we have moved rapidly to garner industry support and have reached out to a multitude of subject matter experts to develop this report. We look forward to your participation in reviewing this document and providing your feedback at public venues and in our working groups.

My role as a Chief Information Security Officer is dual-purposed as it pertains to this subject. I am responsible for security assurance as both a consumer and provider of cloud computing services. Depending upon which hat I am wearing, I will have stronger affinity with any particular guidance recommendation in this document. However, if you accept the proposition that cloud computing allows for the realization of economic efficiencies in computing, I strongly feel that the most cost effective way to secure the cloud is to do it right the first time. Implementing a high standard of security benefits both providers and consumers alike.

The very nature of how businesses use information technology is being transformed by the 'on-demand' cloud computing model. It is imperative that information security leaders are engaged at this early stage to help assure that the rapid adoption of cloud computing builds in information security best practices without impeding the business. I am proud to be a co-founder of this important initiative.

Best,
Dave Cullinane, CPP, CISSP
CISO & Vice President
eBay MP Global Information Security
