Here I am going to answer all these questions and explaining about Cloud Security in this context.

Is your data secure in Cloud environment?

Yes, your data will be secured in cloud environment if you can design security solution/configurations leveraging public cloud providers features and third-party tools efficiently.

The amount of security configuration work you must do will varies, depending on what kind of cloud services you select and how sensitive your data is.

Security in Cloud creates a shared responsibility model between the customer and Cloud Service Provider (CSP). CSPs are responsible for securing the infrastructure (hardware, software, networks, and facilities of their Data center) that supports the cloud and you will be responsible for anything you put on the cloud or connect to the cloud (Data, Operating System, softwares, tools, License, Access, Credentials, authentication, encryption etc.)

Is your data in Cloud Hackable?

No, cloud systems are not hackable in terms of technology, hardware and network services provided by cloud provider. However, if security configurations are not done accurately by the user then loopholes in security may lead vulnerability in your cloud environment.

Can your data be disclosed by the Cloud Service Provider?

Your content/data will not be disclosed unless service provider required to do so to comply with the law of the country or a valid and binding order of a governmental or regulatory body. Unless prohibited from doing so or there is clear indication of illegal conduct about the use of CSP’s products or services. CSP notifies customers before disclosing customer content so they can seek protection from disclosure.

To understand all above and similar security related concerns you should first understand Cloud Security. Let’s discuss what is cloud security and how many domains we need to take care from cloud security point of view.

What is Cloud Security?

As every second your information/data travel through cloud and from different locations, networks and regions. We need to ensure it is not leaked in process of transmission from one place to other. Typically, all firms are well verse about physical and technical security of their On-premise data center. Similarly, cloud services and Infrastructure need to be secured to protect the confidentiality, integrity, and availability of your or your client data.

In Cloud context, security is a shared responsibility between the Cloud Service Provider (CSP) and its users/customers. CSPs take care of physical and logical security of its underlying hardware until Hypervisor layer. However, anything above Operating System is Client responsibility because customer owns the data and service provider has no access to it. Although it also varies in each model of Cloud Computing for some services.

Cloud Security is all about leveraging security features and tools to design and build a secure cloud environment to protect the privacy and integrity of cloud customers and their data. Cloud Security is blend of technologies and policies designed to adhere and regulate compliance rules and protect information, data applications and infrastructure associated with Cloud Computing use.

Cloud Security Categories

From cloud security perspective, below are the cloud security domains or categories that needs to be considered while building cloud environment.

1. Physical Security
2. Network security
3. System Security
4. Application Security
5. Data Security
6. Identity and Access management
7. Encryptions
8. Security operations

Each ownership for each type of security in cloud varies in each model of Cloud. You can see who is responsible for  what in each cloud model in below image.

1. Physical Security- is the protection of hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution. CSPs are responsible to take care of this security.
2. Network Security – Includes data security in transit to and from the public cloud provider. It means designing and building network configuration and its elements allowing a secure access to cloud resources from your on-premise Data centers, Office, Internet etc. This security is shared responsibility between CSPs & Customer.
3. System Security- This capability covers operating system hardening, protection and policy control. The host security at PaaS and SaaS Level are transferred to CSP.
4. Application Security – It’s a shared responsibility in cloud context to protect the application running over the cloud. Based on type of cloud model application security is managed, for e.g in SaaS cloud provider will manage the security of the application. While at the PaaS level platform security will be managed by CSP and deployed application will be customer responsibility.
5. Data Security – Data security capability includes securing data in transit and at rest it to avoid data loss and exposure.
6. Identity and Access management- This capability evolves around authentication, verification and authorization of cloud resources.
7. Encryptions – As all communications between regions is across public Internet infrastructure; therefore, appropriate encryption methods should be used to protect sensitive data.
8. Security operations- Governance and strategic direction on security policies, risk assessment and its maintenance.

Choose Cloud Service Provider considering Data Security, Information Security and Quality Assurance?

Its depends on data and its criticality in terms of sensitivity, availability & durability requirement. For choosing most reliable cloud service provider we must consider CSP’s accreditations, security certifications and third party audit assessment reports. All major cloud service provider share their policies accreditation on data privacy, security, durability, availability information on their respective portals under valid Non-disclosure agreement. These certifications are global and can be achieved through periodic rigorous external audit accredited certification bodies based on NIST (National Industrial Security Program Operating Manual) global standards.

Some of the Most popular Cloud Service Provider Accreditations and Certification for cloud computing compliance and security are given in attached article. Read it to understand Cloud Accreditations and Certification that will finally help you to choose right Cloud Service Provider.

I hope you like this article. Please follow us on our facebook page and on Twitter handle to get latest updates.

Reference Links: Azure , AWS  ,Google ,IBM

The post Understanding Cloud Security & Data Protection appeared first on Techyaz.com.

Compliance Program provided by Cloud Services Providers

Cloud Service providers ensure robust controls to secure their infrastructure, to protect client data. As virtual systems build over the cloud Infrastructure need also to be secured and it comes with shared responsibility and compliance. Cloud Data center environment comes with audit friendly features and standards to ensure client satisfaction about their data security. The IT infrastructure that CSP provides to its customers is designed and managed in orientation with security best practices and a variety of IT security standards due to economies of scale, including but not limited to the following:

AWS (Amazon) Security Certifications /Accreditation 

• Cloud Computing Compliance Controls Catalogue (C5)
• FedRAMP Partner Package
• Global Financial Services Regulatory Principles IRAP Package
• ISO 27001:2013 Certification and Statement of Applicability (SoA)
• ISO 27017:2015 Certification and Statement of Applicability (SoA)
• ISO 27018:2014 Certification and Statement of Applicability (SoA)
• ISO 9001:2015 Certification
• MAS TRM Guidelines Workbook
• PCI DSS Attestation of Compliance (AOC) and Responsibility Summary
• PSN Connection Compliance Certificate (CoCo)
• PSN Service Provision Compliance Certificate
• Quality Management System Overview
• Service Organization Controls (SOC) 1 Report
• Service Organization Controls (SOC) 2 Report
• Service Organization Controls (SOC) 3 Report
• SOC Continued Operations

 Microsoft Azure Security and Compliance Certifications / Accreditation 

• ISO 27001, FedRAMP, SOC 1 and SOC 2.
• The Content Delivery and Security Association (CDSA)
• Criminal Justice Information Services (CJIS)
• The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) CSACCM
• EU Model Clause
• FDA 21 CFR Part 11(The US Food and Drug Administration (FDA) Code of Federal
• Regulations (CFR) Title 21 Part 11)
• FedRAMP(Federal Risk and Authorization Management Program (FedRAMP)
• The Family Educational Rights and Privacy Act (FERPA)
• FIPS 140-2. Federal Information Processing Standard (FIPS) Publication 140-2
• The Health Insurance Portability and Accountability Act (HIPAA)
• IRAP (Australian Government Information Security Registered Assessors Program)
• ISO/IEC 27001/27002:2013
• Multi-Level Protection Scheme (MLPS) is based on the Chinese state standard issued by the Ministry of Public Security
• Multi-Tier Cloud Security Standard for Singapore (MTCS SS),
• Payment Card Industry (PCI) Data Security Standards (DSS) version 3.0
• TCS CCCPPF Trusted Cloud Service certification developed by the China Cloud Computing Promotion and Policy Forum (CCCPPF)
• UK G-Cloud. 

Google Security and Compliance Certifications / Accreditation

• SSAE16 / ISAE 3402 Type II:
• SOC 1
• SOC 2
• SOC 3 public audit report
• ISO 27017, Cloud Security
• ISO 27018, Cloud Privacy
• FedRAMP ATO for Google App Engine
• PCI DSS v3.2
• HIPAA
• CSA STAR
• MTCS Tier 3 Certification (Singapore)
• Google Cloud Platform and the EU Data Protection Directive 

IBM Security and Compliance Certifications / Accreditation

• FedRAMP
• FISMA
• FFIEC
• SOC Reports
• ISO 27001
• ISO 27017
• ISO 27018
• Cloud Security Alliance
• PCI Compliance
• HIPAA
• HITRUST Assessment
• GSMA (DAL09, PAR01)
• CJIS Standards
• EU Model Clauses
• Privacy Shield
• IBM ISO Management System Certifications

Related Read:

• What is Cloud Computing?
• Understanding Cloud Security & Data Protection in Cloud

I hope you like this article. Please follow our Facebook page and Twitter handle to get latest updates.

Reference Links: Azure , AWS  ,Google ,IBM

The post Top 5 Cloud Service Provider Accreditations and Third-Party Auditor Reports appeared first on Techyaz.com.