2. SECURITY IN CLOUD
• The architecture of a cloud is developed at three layers: infrastructure, platform,
and application.
3. Cloud Security Challenges
• Lose control over physical security
• Storage services created by one vendor may be incompatible with another vendor
services
• If information is encrypted while passing through the cloud, who controls the
encryption/decryption keys
• Ensuring the integrity of data.
• Cloud applications undergo constant features additions, and user must keep up to
date with application improvements
• Having proper fail-over technology is a component of securing the cloud that is
often overlooked.
5. Software-as-a-Service Security
• Security Management (People)
• Security Governance
• Risk Management
• Risk Assessment
• Security Portfolio Management
• Security Awareness
• Education and Training
• Policies, Standards, and Guidelines
• Secure Software Development Life Cycle (SecSDLC)
• Security Monitoring and Incident Response
• Third-Party Risk Management
6. Software-as-a-Service Security
• Requests for Information and Sales Support
• Business Continuity Plan
• Forensics
• Security Architecture Design
• Vulnerability Assessment
• Password Assurance Testing
• Logging for Compliance and Security Investigations
• Security Images
• Data Privacy
• Data Governance
• Data Security
7. Software-as-a-Service Security
• Application Security
• Virtual Machine Security
• Identity Access Management (IAM)
• Change Management
• Physical Security
• Business Continuity and Disaster Recovery
• The Business Continuity Plan