Yeluri and Castro-Leon 2014 (†659)Yeluri, Raghu, and Enrique Castro-Leon. Building the Infrastructure for Cloud Security: A Solutions View (Apress Media, LLC, 2014).
- best practice (p.140): Security in the cloud is based on best practices evolved over years in order to meet new threats and adapt to new hacking technologies. These best practices can be applied to cloud computing, and a number of companies provide services out of the box to enhance cloud computing security. While many see cloud computing as a technical revolution, the security applied to it is based on hard experience, evolved from known protective measures and standard operating practices. Practices include encrypting data at rest, separation of concerns through delegated administration, application fingerprinting, secure logging, secure backups, auditing, and threat identification. (†1527)
- data state (data state): Cloud services raise access and protection issues for user data and applications, including source code. Who has access, and what is left behind when an organization scales down a service? How is corporate confidential data protected from the virtual infrastructure administrators and cloud co-tenants? Encryption of data, at rest, in transit, and eventually in use, becomes a basic requirement, yet it comes with a performance cost (penalty). (†1505)
- identity management (p.22): Identity management (IdM) is described as “the management of individual identities, their authentication, authorization, roles, and privileges/permissions within or across system and enterprise boundaries, with the goal of increasing security and productivity while decreasing cost, downtime, and repetitive tasks.” (†1506)
- transparency (p.11): Specific to security, operational transparency means it can be used as a building block for auditable IT processes, an essential security requirement. (†1503)
- transparency (p.21): Implementing a level of transparency at the lowest layers of the cloud, through the development of standards, instrumentation, tools, and linkages to monitor and prove that the IaaS cloud’s physical and virtual servers are actually performing as they should be and that they meet defined security criteria. The expectation is that the security of a cloud service should match or exceed the equivalent in house capabilities before it can be considered an appropriate replacement. (†1504)