ABSTRACT

Owing to these challenges, securing the cloud has become an urgent need for many organizations. A significant amount of resources has been expended to secure the cloud. In this chapter, we will examine the security issues surrounding the cloud. Our work has been influenced by the 10 CISSP (Certified Information Systems Security Professional) modules that discuss security [HARR10], as well as the excellent book on cloud security by Mather et al. [MATH09]. Specifically, we will review the 10 CISSP modules that discuss security concepts and examine them for the cloud. ese modules are the following:

◾ Information systems security and governance ◾ Security architectures ◾ Security/access control models

◾ Cryptography ◾ Network security ◾ Data and applications security ◾ Legal aspects including privacy and forensics ◾ Business continuity planning and disaster recovery ◾ Physical security ◾ Operations management

e organization of this chapter is as follows. Cloud computing security and governance will be discussed in Section 16.2. Security architecture for cloud computing will be discussed in Section 16.3. Access control and identity management for the cloud will be discussed in Section 16.4. Data and applications security issues for the cloud will be discussed in Section 16.5. Privacy, compliance, and forensics for the cloud will be discussed in Section 16.6. Cryptographic solutions will be discussed in Section 16.7. Network security issues for the cloud will be discussed in Section 16.8. Business continuity planning will be discussed in Section 16.9. Operations security will be discussed in Section 16.10. Physical security issues will be discussed in Section 16.11. is chapter is summarized in Section 16.12. Figure 16.1 illustrates the various aspects discussed in this chapter.