Introduction to Cloud Security

Cloud computing is both as similar to traditional computing as it is different. If you have ever had a Hotmail, Yahoo, Gmail or any other Web based email address then you have been cloud computing. Before the adoption of cloud computing network engineers would draw pictures of clouds in their network diagrams to represent the unknown connections between their company and the company they were connecting to. In this course we will gain a better understanding of Cloud Computing specifically by defining NIST as a service model and a deployment model. We will explore the service model options including IaaS, PaaS & SaaS then look at the deployment model categories including Private, Public, community & Hybrid.

Then we will go on to define security in the Cloud, specifically the risk in cloud computing. Then we will discuss the three categories of security including Logical security , Physical security, and Premises security. Next, we will learn about the factors affecting Cloud Security and how multitenancy, virtual networks & hypervisors add to the complexity. Then we discuss Hypervisor Security, specifically the vulnerabilities attributed to management console, management server, administrative VM, VM, Hypervisor, and Hypervisor escape. Finally, we learn how to protect data in the Cloud using physical and encryption methods as well as how to deal with incident response in the Cloud. All of this can be facilitated by sharing the knowledge about information security standards and guidelines, including ISO 27001, HIPAA, Sarbanes Oxley, PCI, FISA, ENISA, IEEE, ANSI, and NSA.