The Cloud
Standards Customer Council (CSCC) has published a new whitepaper, Cloud
Customer Architecture for Securing Workloads on Cloud Services, that
outlines security services and corresponding best practices for
deploying a comprehensive cloud security architecture. The aim of this
new guide is to provide a practical reference to help IT architects and
IT security professionals architect, install, and operate the
information security components of solutions built using cloud services.
It is available for download at http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm
Many cloud services are now available, covering infrastructure, platform
and application capabilities. Building business solutions using cloud
services requires a clear understanding of the available security
services, components and options-allied to a clear architecture- which
addresses the complete lifecycle of cloud solutions covering
development, deployment and operations.
The following security components are covered in detail:
-
Identity and Access Management
-
Infrastructure Security
-
Application Security
-
Data Security
-
Secure DevOps
-
Security Monitoring and Vulnerability
-
Security Governance, Risk and Compliance
This paper is intended as an in-depth extension of the high level advice
offered in the CSCC's other papers: Security for Cloud Computing: Ten
Steps to Ensure Success V2.0 and Cloud Security Standards: What
to Expect & What to Negotiate V2.0.
The CSCC will host a complimentary webinar on Wednesday, April 19 from
2:00pm - 3:00pm ET to introduce the paper. Additional information and a
link to register are available at http://www.cloud-council.org/events.htm.