Chapter 4. Cloud Computing Risk Issues
Institutions will try to preserve the problem to which they are the solution.
In addition to the risks and threats inherent in traditional IT computing, cloud computing presents an organization with its own set of security issues.
This chapter examines cloud computing risk to privacy assurance and compliance regulations, how cloud computing presents a unique risk to "traditional" concepts of data, identity, and access management traversing infrastructure, and how those risks and threats may be unique to cloud service providers (CSP).
The CIA Triad
The three fundamental tenets of information security — confidentiality, integrity, and availability (CIA) — define an organization's security posture. All of the information security controls and safeguards, and all of the threats, vulnerabilities, and security processes are subject to the CIA yardstick.
Confidentiality
Confidentiality is the prevention of the intentional or unintentional unauthorized disclosure of contents. Loss of confidentiality can occur in many ways. For example, loss of confidentiality can occur through the intentional release of private company information or through a misapplication of network rights.
Some of the elements of telecommunications used to ensure confidentiality are as follows:
Network security protocols
Network authentication services
Data encryption services
Integrity
Integrity is the guarantee that the message sent is the message received and that the message ...
Get Cloud Security: A Comprehensive Guide to Secure Cloud Computing now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.