Security Considerations for Cloud Computing
ISACA white paper, 2012 (80 pages)
Transcript
About ISACA®

With more than 100,000 constituents in 180 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.

ISACA continually updates and expands the practical guidance and product family based on the COBIT® framework. COBIT helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

Disclaimer

ISACA has designed and created Security Considerations for Cloud Computing (the "Work") primarily as an educational resource for governance and assurance professionals. ISACA makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of all proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, governance and assurance professionals should apply their own professional judgment to the specific circumstances presented by the particular systems or information technology environment.

Reservation of Rights

© 2012 ISACA. All rights reserved. No part of this publication may be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise) without the prior written authorization of ISACA. Reproduction and use of all or portions of this publication are permitted solely for academic, internal and noncommercial use and for consulting/advisory engagements, and must include full attribution of the material's source. No other right or permission is granted with respect to this work.

ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
Phone: +1.847.253.1545
Fax: +1.847.253.1443
Email: info@isaca.org
Web site: www.isaca.org
Feedback: www.isaca.org/cloud-security
Participate in the ISACA Knowledge Center: www.isaca.org/knowledge-center
Follow ISACA on Twitter: https://twitter.com/ISACANews
Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial
Like ISACA on Facebook: www.facebook.com/ISACAHQ

ISBN 978-60420-263-2

Acknowledgments

ISACA wishes to recognize:

Development Team
Stefanie Grijp, PwC, Belgium
Chris Kappler, PwC, Belgium
Bart Peeters, CISA, PwC, Belgium
Tomas Clemente Sanchez, PwC, Belgium

Work Group
Yves Marcel Le Roux, CISM, CISSP, CA Technologies, France
Alan Mayer, USA
Perry Menezes, CISM, CRISC, CIPP, CISSP, Deutsche Bank, USA
Yogendra Rajput, India
Paras Shah, CISA, CGEIT, CRISC, CA, Transpire Pty Ltd., Australia
Brett Smith, CISSP, ISSAP, Deutsche Bank, USA

Expert Reviewers
Muhammad Amir, CISA, CISM, CRISC, CEH, CISSP, MCSE Security, Security+, NetSol Technologies Ltd., Pakistan
Mark E.S. Bernard, CISA, CSIM, CGEIT, CRISC, CISSP, PM, ISO 27001, SABSA-F2, TechSecure Holdings Inc., Canada
Roberta Donaldson Caraglia, EMCIS, ITIL V3, EMC Consulting, USA
Christos K. Dimitriadis, Ph.D., CISA, CISM, CRISC, INTRALOT S.A., Greece
Meenu Gupta, CISA, CISM, CBP, CIPP, CISPP, Mittal Technologies, USA
Masatoshi Kajimoto, CISA, CRISC, Independent Consultant, Japan
Hesham Moussa, CISM, Lumension Security, USA
Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, CSEPS, RSM Bird Cameron, Australia
Lou Tinto, CISA, CRISC, CFE, CIA, NYLB, USA
Sukhwinder Wadhwa, ITIL V3, Infosys Ltd, India
Justin Williams, CA (SA), Transnet, South Africa

ISACA Board of Directors
Gregory T. Grocholski, CISA, The Dow Chemical Co., USA, International President
Allan Boardman, CISA, CISM, CGEIT, CRISC, ACA, CA (SA), CISSP, Morgan Stanley, UK, Vice President
Juan Luis Carselle, CISA, CGEIT, CRISC, Wal-Mart, Mexico, Vice President
Christos K. Dimitriadis, Ph.D., CISA, CISM, CRISC, INTRALOT S.A., Greece, Vice President
Ramses Gallego, CISM, CGEIT, CCSK, CISSP, SCPM, 6 Sigma, Quest Software, Spain, Vice President
Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, Queensland Government, Australia, Vice President
Jeff Spivey, CRISC, CPP, PSP, Security Risk Management Inc., USA, Vice President
Marc Vael, Ph.D., CISA, CISM, CGEIT, CRISC, CISSP, Valuendo, Belgium, Vice President
Kenneth L. Vander Wal, CISA, CPA, Ernst & Young LLP (retired), USA, Past International President
Emil D'Angelo, CISA, CISM, Bank of Tokyo-Mitsubishi UFJ Ltd. (retired), USA, Past International President
John Ho Chi, CISA, CISM, CRISC, CBCP, CFE, Ernst & Young LLP, Singapore, Director
Krysten McCabe, CISA, The Home Depot, USA, Director
Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, CSEPS, RSM Bird Cameron, Australia, Director

Knowledge Board
Marc Vael, Ph.D., CISA, CISM, CGEIT, CRISC, CISSP, Valuendo, Belgium, Chairman
Steven A. Babb, CGEIT, CRISC, Betfair, UK
Thomas E. Borton, CISA, CISM, CRISC, CISSP, Cost Plus, USA
Phillip J. Lageschulte, CGEIT, CPA, KPMG LLP, USA
Salomon Rico, CISA, CISM, CGEIT, Deloitte, Mexico
Steven E. Sizemore, CISA, CIA, CGAP, Texas Health and Human Services Commission, USA

Guidance and Practices Committee
Phillip J. Lageschulte, CGEIT, CPA, KPMG LLP, USA, Chairman
Dan Haley, CISA, CGEIT, CRISC, MCP, Johnson & Johnson, USA
Yves Marcel Le Roux, CISM, CISSP, CA Technologies, France
Aureo Monteiro Tavares Da Silva, CISM, CGEIT, Pelissari, Brazil
Jotham Nyamari, CISA, Deloitte, USA
Connie Lynn Spinelli, CISA, CRISC, CFE, CGMA, CIA, CISSP, CMA, CPA, GRC Solutions LLC, USA
John William Walker, CISM, CRISC, FBCS CITP, ITPC Secure Bastion Limited, UK
Siang Jun Julia Yeo, CISA, CPA (Australia), Visa Worldwide Pte. Limited, Singapore
Nikolaos Zacharopoulos, CISA, CISSP, DeutschePost–DHL, Germany

ISACA and IT Governance Institute® (ITGI®) Affiliates and Sponsors
Information Security Forum
Institute of Management Accountants Inc.
ISACA chapters
ITGI France
ITGI Japan
Norwich University
Socitum Performance Management Group
Solvay Brussels School of Economics and Management
Strategic Technology Management Institute (STMI) of the National University of Singapore
University of Antwerp Management School
ASIS International
Hewlett-Packard
IBM
Symantec Corp.
TruArx Inc.

Table of Contents

1. Introduction  7
   Background  7
   Purpose of This Document  7
   Who Should Use This Guide?  7
   Scope and Approach  7

2. Cloud Computing  9
   Essential Characteristics  9
   Cloud Service Models  9
   Cloud Deployment Models  10
   The Key Element of Trust  10

3. Overview of Security Risk and Threats Related to Operating in the Cloud  13
   Visibility as a Critical Factor  13
   Information Assets and Risk  14
      Cost Considerations (or Cost as a Risk Event)  15
      Privacy Considerations  15
      Risk Assessment When Migrating to the Cloud  16
   Risk Factors by Service Model  17
      S1. IaaS  17
      S2. PaaS  19
      S3. SaaS  20
   Risk Factors by Deployment Model  21
      D1. Public Cloud  22
      D2. Community Cloud  22
      D3. Private Cloud  23
      D4. Hybrid Cloud  24
   Overview of Threats and Mitigating Actions  24
      Technical  25
      Regulatory  29
      Information Security Governance  30

4. The Path to the Decision and Beyond  35
   Step 1. Preparation of the Internal Environment  35
   Step 2. Selection of the Cloud Service Model  36
      Breakdown of Cloud Service Model Decision Tree  38
   Step 3. Selection of the Cloud Deployment Model  40
      Breakdown of Cloud Deployment Decision Tree  42
   Step 4. Selection of the Cloud Service Provider  51