Cloud computing Legal and Compliance


Cloud computing Legal and Compliance


The goal of the Legal and Compliance domain is to offer you an understanding of how to approach the various legal and regulatory challenges unique to cloud environments.


To achieve and maintain compliance, it is important to understand the audit processes utilized within a cloud environment, including auditing controls, assurance issues, and specific reporting attributes.


You will gain an understanding of ethical behavior and required compliance within regulatory frameworks, which includes investigative techniques for crime analysis and evidence-gathering methods.


Enterprise risk considerations and the impact of outsourcing for design and hosting are also explored.


Domain Objectives


After completing this domain, you will be able to do the following:


Understand how to identify the various legal requirements and unique risks associated with the cloud environment about legislation and conflicting legislation, legal risks, controls, and forensic requirements


Describe the potential personal and data privacy issues specific to personally identifiable information within the cloud environment


Define the process, methods, and required adaptions necessary for an audit within the cloud environment


Describe the different types of cloud-based audit reports


Identify the impact of diverse geographical locations and legal jurisdictions


Understand implications of cloud-to-enterprise risk management


Explain the importance of cloud contract design and management for outsourcing a cloud environment


Identify appropriate supply-chain management processes


Introduction


As the global nature of technology continues to evolve and essentially simplify and enable conveniences once thought impossible, the challenge and complexity of meeting internal legislations, regulations, and laws become greater all the time.


Ensuring adherence, compliance, or conformity with these can be challenging within traditional on-premises environments or even on third-party and hosted environments. Add cloud computing, and the complexity increases significantly.

Cloud computing Legal and Compliance


At all times, when dealing with legal, compliance, and regulatory issues, the first step should always be to consult with relevant professionals or teams specializing in those areas.


As a security professional, your goal should be to establish a baseline understanding of the fluid and ever-changing legal and regulatory landscape with which you may need to interact.

what is abuse of cloud services?

The abuse of cloud services extends beyond malicious insiders and potentially allows cyber criminals The ability to utilize such services for criminal gain.  There are multiple ways in which cloud services can be used for malicious purposes. There is no question, that for the malicious actor their job is considerably easier if their intended victims […]

what is abuse of cloud services? Read More »

What is digital evidence in cyber security?

Understanding the Collection and Preservation of Digital Evidence. Forensic science is generally defined as the application of science to the law. Digital forensics, also known as computer and network forensics, has many definitions. Generally, it is considered the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of

What is digital evidence in cyber security? Read More »

Top 10 Legal issues in cloud computing

The following list of Legal issues in cloud is a general guide designed to help you focus on some of the areas and legislative items that might impact your cloud environments: Legal issues in cloud computing are comes under the international law, International law is the term given to the rules that govern relations between

Top 10 Legal issues in cloud computing Read More »

What is a Cloud SLA (Cloud Service-Level Agreement)?

What is Cloud SLA (Cloud Service-Level Agreement)? Its similar to a contract signed between a customer and a CSP, the Cloud SLA forms the most crucial and fundamental component of how security and operations will be undertaken. The Cloud SLA should also capture requirements related to compliance, best practices, and general operational activities to satisfy

What is a Cloud SLA (Cloud Service-Level Agreement)? Read More »

What does “Cloud Management services” mean?

Cloud services management fall into three main groups: IaaS, PaaS, and SaaS. Each is discussed in the following sections. What does “IaaS” mean in cloud computing? According to “The NIST Definition of Cloud Computing,” in IaaS, “the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the

What does “Cloud Management services” mean? Read More »

Why Cloud Computing Matters in e-discovery?

E-discovery is depending on whether an organization is employing a hybrid, public, or community cloud, there are issues that the organization has to understand. The extra dynamic is the presence of a third party the cloud service provider (CSP) so the organization must understand how laws and regulations apply to the cloud. In other words,

Why Cloud Computing Matters in e-discovery? Read More »

Why isms is important?

An ISMS (Internal Information Security Controls System) should exist to reduce risks related to the AIC of information and assets, while looking to strengthen the stakeholder confidence in the security posture of their organization in protecting such assets. Although these systems may well vary in terms of comprehensiveness, along with how the controls are applied,

Why isms is important? Read More »

Managing i cloud Infrastructure

Managing i cloud is a bit complex task so many factors need to consider, The logical design of the i cloud Cloud Environments should include measures to limit remote access to only those authorized to access resources, provide the capability to monitor the i cloud Environments, and allow for the remediation of systems in the

Managing i cloud Infrastructure Read More »

What is cloud service provider communications?

Cloud communications between the provider, its customers, its Vendors and its suppliers is critical for any environment. When you add the cloud to the mix, communication becomes even more central as a success factor overall. What is The Five Ws and One H method? The need to identify the five Ws and the one H

What is cloud service provider communications? Read More »

Top 2 types of Cloud Security Policies

Cloud Security Policies are crucial to implementing an effective data security strategy. They typically act as the connectors that hold many aspects of data security together across both technical and nontechnical components. The failure to implement and utilize policies in cloud-based (or non-cloud-based) environments would likely result in disparate parts or isolation of activities, effectively

Top 2 types of Cloud Security Policies Read More »

What to Expect from cloud Security Risk Responses?

Risk responses provides a consistent, organization-wide responses to risk by the organizational risk frame by taking these steps: Developing alternative courses of action for responding to risk (Risk Responses) Evaluating the alternative courses of action Determining appropriate courses of action consistent with organizational risk tolerance Implementing risk responses based on selected courses of action What

What to Expect from cloud Security Risk Responses? Read More »

What to Expect from computing Models?

Distributed Computing Models and distributed information systems are becoming increasingly common in conjunction with and amplified by the adoption of cloud computing services. The globalization of companies, along with collaboration and outsourcing, continues to allow organizations and users to avail themselves of distributed services. The drivers for adopting such services are many but include increasing

What to Expect from computing Models? Read More »

What is cloud supply chain management?

Supply chain management is big concern when the organizations have invested heavily to protect their key assets, resources, and intellectual property in recent years, changes to these practices present challenges and complexities. With the supply chain adjusting to include CSPs, security truly is only as good as the weakest link. Of late, many sizable and

What is cloud supply chain management? Read More »

What risk mitigation means?

Risk Mitigation and risk reduction is the approach and desired outcome when undertaking risk management and associated activities should always be to reduce and mitigate risks. Mitigation of risks reduces the exposure to a risk or the likelihood of it occurring. Risk mitigation to cloud-based assessments or environments is most often obtained by implementing additional

What risk mitigation means? Read More »

Why we need contracts in cloud computing?

To understanding and appreciating cloud computing contracts has long been the duty and focus of procurement and legal functions. Whether it is related to the single cloud computing contracts of personnel, roles, functions, or entire business functions, these have been availed and utilized globally to maximize cost benefits, plug skills gaps, and ultimately ensure that

Why we need contracts in cloud computing? Read More »

What is the chain of custody?

You must take care when gathering, handling, transporting, analyzing, reporting on, and managing evidence that the proper chain of custody or chain of evidence has been maintained. Every jurisdiction has its definitions as to what this may mean in detail; however, in general, a chain of custody and chain of evidence Why need Chain of

What is the chain of custody? Read More »

Cloud Computing Privacy Requirements (ISO/IEC 27018)

ISO/IEC 27018 addresses the cloud computing privacy aspects of cloud computing for consumers. ISO 27018 is the first international set of cloud computing privacy controls in the previous blog (How many Data Privacy Acts in the world?). The ISO published ISO 27018 on July 30, 2014, as a new component of the ISO 27001 standard.

Cloud Computing Privacy Requirements (ISO/IEC 27018) Read More »

What is Cloud Computing Network Security?

cloud Computing Network Security controls was discussed extensively earlier in this blog. You need to be able to follow and implement best practices for all security controls. About cloud Computing Network Security , consider the following general guidelines: Defense in depth VLANs Access controls Secure protocol usage (that is, IPSec and TLS) IDS/IPS system deployments

What is Cloud Computing Network Security? Read More »

Google Cloud Physical Infrastructure

Big like Google Cloud Physical Infrastructure is more powerful but doesn’t matter the blue print is same for Mid-to-large corporations and government entities, independent system vendors (ISVs), and service providers use cloud infrastructure to build private and public clouds and deliver cloud computing services. Virtualization provides the foundation for cloud computing, enabling rapid deployment of

Google Cloud Physical Infrastructure Read More »

How does google cloud data center of works?

Google Data center design, planning, and architecture have long formed an integral part of the information technology (IT) services for providers of computing services. Over time, these have typically evolved and grown in line with computing developments and enhanced capabilities. Google Data center continue to be refined, enhanced, and improved upon globally; however, they still

How does google cloud data center of works? Read More »

How to do application security testing?

Security testing of web applications through the use of testing software is generally broken into two distinct types of automated testing tools. This section looks at these tools and discusses the importance of penetration testing, which generally includes the use of human expertise and automated tools. The section also looks at secure code reviews and

How to do application security testing? Read More »

What is BCDR Related to Cloud Environment?

There are several characteristics of the cloud environment that you need to consider for your BCDR plan. They represent opportunities as well as challenges. First, though, it pays to have a more detailed look at some different scenarios in which you might want to consider BCDR. The following sections discuss these scenarios, BCDR planning factors,

What is BCDR Related to Cloud Environment? Read More »

Business Continuity and Disaster (BCDR) Recovery Strategy for IT Professionals

Business Continuity and Disaster Recovery (BCDR) Strategy for IT Professionals We already discussed BCDR scenarios. Although the departing positions are different and each situation requires a tailored approach, there are several common components to these scenarios. A logical sequence to discuss these components is location, data replication, functionality replication, event anticipation, failover event, and return

Business Continuity and Disaster (BCDR) Recovery Strategy for IT Professionals Read More »

What are the the BCDR Risks?

There are several categories of risks to consider in the context of BCDR. First, risks are threatening the assets and support infrastructure that the BCDR plan is protecting against. Second, some risks threaten the successful execution of a BCDR plan invocation; that is, what can go wrong if and when you need to failover? Does

What are the the BCDR Risks? Read More »

How to Secure Cloud Infrastructure?

For to understand how to Secure Cloud! We need to focus on countermeasure strategies that span those levels. First, it is highly recommended that you implement multiple layers of defense against any risk. For example, in physical protection there should not be reliance on a single lock; there should be multiple layers of access control,

How to Secure Cloud Infrastructure? Read More »

What is Cloud Infrastructure?

The cloud infrastructure consists of data centers and the hardware that runs in them, including compute, storage, and networking hardware; virtualization software; and a management layer The Physical Environment of the Cloud Infrastructure Just like traditional or onsite computing, cloud computing runs on real hardware that runs in real buildings. At the contemporary scale of

What is Cloud Infrastructure? Read More »

Cloud Computing Event Sources

Event Sources have tools at your disposal that can help you filter the large number of events that take place continuously within the cloud infrastructure, allowing you to selectively focus on those that are most relevant and important. Event sources are monitored to provide the raw data on events that will be used to paint

Cloud Computing Event Sources Read More »

Supporting Continuous Operations

For Supporting Continuous Operations When applying security strategies, it is important to consider the whole picture. Technologies may have dependencies or cost implications, and the larger organizational goals should be considered . To support continuous operations, the following principles should be adopted as part of the security operations policies: Audit logging: Higher levels of assurance

Supporting Continuous Operations Read More »

What is a data protection in cloud computing?

Data-protection policies should include guidelines for the different data lifecycle phases In the cloud, The following three policies should receive proper adjustments and attention Data retention Data deletion Data archiving Data-Retention Policies A data-retention policy is an organization’s established protocol for keeping information for operational or regulatory compliance needs. The objectives of a data-retention policy

What is a data protection in cloud computing? Read More »

How many Data Privacy Acts in the world?

Data Privacy Acts, Privacy and data protection (P&DP) matters are often cited as a concern for cloud computing scenarios. The P&DP regulations affect not just those whose personal data is processed in the cloud (the data subjects) but also those (the cloud service customers) using cloud computing to process others’ data and indeed those providing

How many Data Privacy Acts in the world? Read More »

How to do Data Classification?

Data classification as part of the information lifecycle management (ILM) process can be defined as a tool for the categorization of data to help an organization effectively answer the following questions: What data types are available? Where is certain data located? What access levels are implemented? What protection level is implemented, and does it adhere

How to do Data Classification? Read More »

What are cloud security standards?

Cloud Security Standards slogan is “If it cannot be measured, it cannot be managed“. This is a statement that any auditor and security professional should abide by regardless of his focus. How can someone have confidence, awareness, and assurances that he and the CSP are taking the correct steps to ensure that data is secured

What are cloud security standards? Read More »

Cost Benefit Analysis of Cloud Computing

Cost Benefit Analysis of Cloud Computing is often identified as a key driver for the adoption of cloud computing. The challenge with decisions being made solely or exclusively on cost savings can come back to haunt the organization or entity that failed to take a risk-based view and factor in the relevant effects that may

Cost Benefit Analysis of Cloud Computing Read More »

Business Continuity and Disaster Recovery planning

Business Continuity and Disaster Recovery planning and management is the process by which risks and threats to the ongoing availability of services, business functions, and the organization are actively reviewed and managed at set intervals as part of the overall risk-management process. The goal is to keep the business operating and functioning in the event

Business Continuity and Disaster Recovery planning Read More »

What are Cloud Computing elements?

Cloud Computing elements is a very important concept we need to consider before moving to the cloud environment. Below, Anything as a service (XaaS): The growing diversity of services available over the Internet via cloud computing as opposed to being provided locally or on-premises. Apache CloudStack: An open-source cloud computing and IaaS platform developed to

What are Cloud Computing elements? Read More »

Cloud Attacks surface

Cloud Attacks Surface Essentials is the process where Cloud data centers can be perceived as similar to DMZs in legacy enterprises. Because everything in the cloud can be accessed remotely, it can be considered exposed to the Internet, to a greater or lesser extent. Instead of the discrete perimeter of a private network, cloud configurations

Cloud Attacks surface Read More »

Cloud Computing Roles & Responsibilities

The vendor offering cloud services. The CSP will own the datacenter, employ the staff, own and manage the resources (hardware and software), monitor service provision and security, and provide administrative assistance for the customer and the customer’s data and processing needs. Cloud Computing Roles & Responsibilities Examples include Amazon Web Services (AWS), Rackspace, and Microsoft’s

Cloud Computing Roles & Responsibilities Read More »

What are the cloud boundaries in IaaS, PaaS and SaaS?

Before moving to the main important cores of the cloud we need to understand what are the boundaries of cloud computing we need to understand some concepts. In legacy environments, we had bright-line definitions of the organization’s IT perimeter. Everything inside the perimeter belonging to the organization, including data, hardware, and risk; everything outside was

What are the cloud boundaries in IaaS, PaaS and SaaS? Read More »

Scroll to Top