25-cloud cybersecurity cheat sheet-v0



Post on 12-Feb-2022


CRAIG PETERSØN.COM

© 2019 Craig Peterson. All Rights Reserved.

1 Cloud Computing

Technically, it refers to the use of networked infrastructure software and capacity to provide resources to users in an on-demand environment. With cloud computing, information is stored in centralized servers and cached temporarily on clients that can include desktop computers, notebooks, handhelds and other devices.

Cloud computing is just a new term for "Using someone else's computer." It sure sounds good & easy. But read on...

CLOUD CYBERSECURITY CHEAT SHEET

Determine whether controls are sufficient and appropriate and if they provide adequate protection against anticipated threats along with a plan for risk mitigation...

2 Balance Risk vs Productivity

You must focus on making security measures easy to use, implement and maintain to balance security and productivity. Security controls shouldn’t be viewed just as a static configuration, but rather with a scalable design – one where any instance of the service that is invoked provides the same risk posture and such that when a vulnerability is discovered, appropriate action can be taken to fix the design.

3 Business Challenges

Public cloud-based software as a service (SaaS) has become a common delivery model for business applications, including office applications and sales-and-marketing software etc. in use at enterprises. Popularity of cloud-based applications, platform and infrastructure stems from the following business requirements:

Quick Adoption: Business units looking for quick adoption of new applications as well as to quickly change from one application provider to another.

Cost Benefit: Short-term cost-effective licensing.

Effective Collaboration: Business groups looking to collaborate with partners and customers, suppliers, subsidiaries and acquisitions.

Bring your own cloud (BYOC): Employees are not waiting for IT; they’re bringing cloud services to work.

As a result, business groups and employees, external partners and customers require IT organizations to support a diverse set of cloud-based SaaS applications.


4 Public Cloud Services

1. Application and Information clouds – Sometimes referred to as Software-as-a-Service, this type of cloud is referring to a business-level service...

2. Development clouds – Sometimes referred to as Platform-as-a-Service, cloud development platforms enable application authoring and provide runtime environments without hardware investment.

3. Infrastructure clouds – Also referred to as Infrastructure-as-a-Service, this type of cloud enables IT infrastructure to be deployed and used via remote access and made available on an elastic basis.

5 Cloud Benefits

Expand scalability – By utilizing cloud computing, IT staff can quickly meet changing user loads without having to engineer for peak loads.

Lower infrastructure costs – With external clouds, customers do not own the infrastructure. This enables enterprises to eliminate capital expenditures and consume resources as a service, paying only for what they use. Clouds enable IT departments to save on application implementation, maintenance and security costs, while benefiting from the economies of scale a cloud can offer compared to even a large company network.

Increased utilization – By sharing computing power between multiple clients, cloud computing can increase utilization rates, further reducing IT infrastructure costs.

Improved end-user productivity – With cloud computing, users can access systems, regardless of their location or what device they are using (e.g., PCs, laptops, etc.).

Improve reliability – Cloud computing can cost-effectively provide multiple redundant sites, facilitating business continuity and disaster recovery scenarios.

Increased security – Due to centralization of data and increased security-focused resources from cloud computing providers, cloud computing can enhance data security. Cloud computing can also relieve an IT organization from routine tasks, including backup and recovery. External cloud service providers typically have more infrastructure to handle data security than the average small to midsize business.

Gain access to more sophisticated applications – External clouds can offer CRM and other advanced tools that were previously out of reach for many businesses with smaller IT budgets.

Downsized IT department – By moving applications out to a cloud, IT departments can reduce the number of application administrators needed for deployment, maintenance and updates. IT departments can then reassign key IT personnel to more strategic tasks.

Save energy – Going “green” is a key focus for many enterprises. Clouds help IT organizations reduce power, cooling and space usage to help the enterprise create environmentally responsible datacenters.

6 Cloud Challenges

A lack of interoperability – The absence of standardization across cloud computing platforms creates unnecessary complexity and results in high switching costs. Each cloud vendor has a different application model, many of which are proprietary, vertically integrated stacks that limit platform choice. Customers don’t want to be locked into a single provider and are often reluctant to relinquish control of their mission-critical applications to hosting service providers.

Application Compatibility – Most of the existing public compute clouds are not interoperable with existing applications and they limit the addressable market to those willing to write new applications from scratch.

Difficulty in meeting compliance regulations – Regulatory compliance requirements may limit the use of the shared infrastructure and utility model of external cloud computing for some environments. Achieving compliance often requires complete transparency of the underlying IT infrastructure that supports business-critical applications, while cloud computing by design places IT infrastructure into a “black box” accessible only through well-defined interfaces. As a result, internal compute clouds may be a better solution for some applications that must meet stringent compliance requirements.

Inadequate security – By design, cloud vendors typically support multi-tenancy compute environments. IT managers must look for a balance between the security of an internal, dedicated infrastructure versus the improved economics of a shared cloud environment. Security can be a key inhibitor to adoption of cloud computing.


The information and content in this document is provided for informational purposes only and is provided “as is” with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. We are not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, we make no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and are not responsible for misprints, out-of-date information, or errors. We make no warranty, express or implied, and assume no legal liability or responsibility for the accuracy or completeness of any information contained in this document.

If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.


7 Cloud Computing Security

When moving to the cloud take the time to review your security posture and what changes and controls need to be implemented to operate securely. You want a cloud platform that offers a wide variety of security services to address various requirements and by doing so you benefit from all the new features as they become available. Cloud security involves maintaining adequate preventative protections so you:

Know that the data and systems are safe.

Can see the current state of security.

Know immediately if anything unusual happens.

Can trace and respond to unexpected events.

Security has a lot to do with access. Traditional environments usually control access using a perimeter security model. Cloud environments are highly connected, making it easier for traffic to bypass traditional perimeter defenses. Insecure application programming interfaces (APIs), weak identity and credentials management, account hijacks, and malicious insiders may pose threats to the system and data.

Preventing unauthorized access in the cloud requires shifting to a data-centric approach. Encrypt the data. Strengthen the authorization process. Require strong passwords and 2-factor authentication. Build security into every level.

8 Security Risks

1. Loss or theft of intellectual property - When a cloud service is breached, the cybercriminals get access to your sensitive data. Additionally, with certain services you face risks from their terms and conditions claiming ownership of the data that you uploaded to them.

2. Compliance violations and regulatory actions - Most companies today operate under some sort of regulatory control of their information. Under these mandates, companies must know where their data is, who is able to access it, and how it is being protected. If not configured properly, cloud computing services are often in violation of these requirements, putting the organization in a state of non-compliance, which can have serious repercussions.

3. Loss of control over end user actions - Companies may be in the dark about employees who are using cloud services without their knowledge—until it’s too late.

4. Malware infections that unleash a targeted attack - Cloud services can be used as a vector for exfiltration of sensitive data.

5. Contractual breaches with customers or business partners - Contracts among business parties often restrict how data is used and who is authorized to access it. If employees move restricted data into the cloud without authorization, the business contracts may be violated and legal action could ensue. Some cloud services maintain the right to share all data uploaded to the service with third parties in their terms and conditions, resulting in a breach of a confidentiality agreement the company made with a business partner.

6. Diminished customer trust - Data breaches inevitably result in diminished trust by customers, leading to a loss of business for the company, which ultimately impacts the company’s revenue.

7. Data breach requiring disclosure and notification to victims - If sensitive or regulated data is put in the cloud and a breach occurs, the company may be required to disclose the breach and send notifications to potential victims. Following legally mandated breach disclosures, regulators can levy fines against a company and it’s not uncommon for consumers whose data was compromised to file lawsuits.

8. Increased customer churn - If customers even suspect that their data is not fully protected by enterprise-grade security controls, they may take their business elsewhere to a company they can trust. There are a number of critics warning consumers to avoid cloud companies who do not protect customer privacy.

9. Revenue losses - This is a reason that many are now calling for increased oversight by the board of directors over cyber security programs.


9 Concluding Thoughts

In order to reduce the risks of unmanaged cloud usage, companies first need visibility into the cloud services they choose and those in use by their employees. They need to understand what data is being uploaded to which cloud services and by whom. Their IT teams must assure that they are enforcing corporate data security, compliance, and governance policies to protect corporate data in the cloud. The cloud is here to stay, and companies must balance the risks of cloud services with the clear benefits they bring.