What is abuse of cloud services?
The abuse of cloud services extends beyond malicious insiders and potentially allows cyber criminals the ability to utilize such services for criminal gain. There are multiple ways in which cloud …
Cloud computing Legal and Compliance
The goal of the Legal and Compliance domain is to offer you an understanding of how to approach the various legal and regulatory challenges unique to cloud environments.
To achieve and maintain compliance, it is important to understand the audit processes utilized within a cloud environment, including auditing controls, assurance issues, and specific reporting attributes.
You will gain an understanding of ethical behavior and required compliance within regulatory frameworks, which includes investigative techniques for crime analysis and evidence-gathering methods.
Enterprise risk considerations and the impact of outsourcing for design and hosting are also explored.
Domain Objectives
After completing this domain, you will be able to do the following:
Understand how to identify the various legal requirements and unique risks associated with the cloud environment with regard to legislation and conflicting legislation, legal risks, controls, and forensic requirements
Describe the potential personal and data privacy issues specific to personally identifiable information within the cloud environment
Define the process, methods, and required adaptations necessary for an audit within the cloud environment
Describe the different types of cloud-based audit reports
Identify the impact of diverse geographical locations and legal jurisdictions
Understand implications of cloud-to-enterprise risk management
Explain the importance of cloud contract design and management for outsourcing a cloud environment
Identify appropriate supply-chain management processes
Introduction
As the global nature of technology continues to evolve and essentially simplify and enable conveniences once thought impossible, the challenge and complexity of meeting internal legislation, regulations, and laws become greater all the time.
Ensuring adherence, compliance, or conformity with these can be challenging within traditional on-premises environments or even on third-party and hosted environments. Add cloud computing, and the complexity increases significantly.
At all times, when dealing with legal, compliance, and regulatory issues, the first step should always be to consult with relevant professionals or teams specializing in those areas.
As a security professional, your goal should be to establish a baseline understanding of the fluid and ever-changing legal and regulatory landscape with which you may need to interact.
Understanding the Collection and Preservation of Digital Evidence. Forensic science is generally defined as the application of science to the law. Digital forensics, also known as computer and network forensics, …
The following list of legal issues in the cloud is a general guide designed to help you focus on some of the areas and legislative items that might impact your cloud …
What is Cloud SLA (Cloud Service-Level Agreement)? Similar to a contract signed between a customer and a CSP, the Cloud SLA forms the most crucial and fundamental component of …
Cloud services management falls into three main groups: IaaS, PaaS, and SaaS. Each is discussed in the following sections. What does “IaaS” mean in cloud computing? According to “The NIST …
When we think about cloud computing, the question that arises is: what is a data center in cloud technology and computing, and how is it built and how does it work? So …
For e-discovery, depending on whether an organization is employing a hybrid, public, or community cloud, there are issues that the organization has to understand. The extra dynamic is the presence …
An ISMS (Internal Information Security Controls System) should exist to reduce risks related to the AIC of information and assets, while looking to strengthen the stakeholder confidence in the security …
Managing i cloud is a somewhat complex task, with many factors to consider. The logical design of the i cloud Cloud Environments should include measures to limit remote access …
Cloud communication between the provider, its customers, its vendors, and its suppliers is critical for any environment. When you add the cloud to the mix, communication becomes even more central …
Cloud Security Policies are crucial to implementing an effective data security strategy. They typically act as the connectors that hold many aspects of data security together across both technical and …
Risk response provides a consistent, organization-wide response to risk in accordance with the organizational risk frame by taking these steps: developing alternative courses of action for responding to risk (risk responses); evaluating …
Distributed Computing Models and distributed information systems are becoming increasingly common in conjunction with and amplified by the adoption of cloud computing services. The globalization of companies, along with collaboration …
Supply chain management is a big concern when organizations have invested heavily to protect their key assets, resources, and intellectual property in recent years; changes to these practices present challenges …
Risk mitigation and risk reduction: the approach and desired outcome when undertaking risk management and associated activities should always be to reduce and mitigate risks. Mitigation of risks reduces …
Understanding and appreciating cloud computing contracts has long been the duty and focus of procurement and legal functions. Whether it is related to the single cloud computing contracts of …
You must take care when gathering, handling, transporting, analyzing, reporting on, and managing evidence that the proper chain of custody or chain of evidence has been maintained. Every jurisdiction has …
ISO/IEC 27018 addresses the privacy aspects of cloud computing for consumers. ISO 27018 is the first international set of cloud computing privacy controls. In the previous blog (How …
Cloud computing network security controls were discussed extensively earlier in this blog. You need to be able to follow and implement best practices for all security controls. About cloud computing …
Big physical infrastructure like Google Cloud's is more powerful, but that doesn’t matter; the blueprint is the same for mid-to-large corporations and government entities, independent system vendors (ISVs), and service providers …
Google Data center design, planning, and architecture have long formed an integral part of the information technology (IT) services for providers of computing services. Over time, these have typically evolved …
Security testing of web applications through the use of testing software is generally broken into two distinct types of automated testing tools. This section looks at these tools and discusses …
There are several characteristics of the cloud environment that you need to consider for your BCDR plan. They represent opportunities as well as challenges. First, though, it pays to have …
Business Continuity and Disaster Recovery (BCDR) Strategy for IT Professionals: We already discussed BCDR scenarios. Although the departing positions are different and each situation requires a tailored approach, there are …
There are several categories of risks to consider in the context of BCDR. First, there are risks threatening the assets and support infrastructure that the BCDR plan is protecting against. Second, …
To understand how to secure the cloud, we need to focus on countermeasure strategies that span those levels. First, it is highly recommended that you implement multiple layers of defense …
The cloud infrastructure consists of data centers and the hardware that runs in them, including compute, storage, and networking hardware; virtualization software; and a management layer. The Physical Environment of …
For event sources, you have tools at your disposal that can help you filter the large number of events that take place continuously within the cloud infrastructure, allowing you to selectively focus …
Supporting Continuous Operations: When applying security strategies, it is important to consider the whole picture. Technologies may have dependencies or cost implications, and the larger organizational goals should be …
Data-protection policies should include guidelines for the different data lifecycle phases. In the cloud, the following three policies should receive proper adjustments and attention: data retention, data deletion, data archiving …
Data Privacy Acts: Privacy and data protection (P&DP) matters are often cited as a concern for cloud computing scenarios. The P&DP regulations affect not just those whose personal data is …
Data classification as part of the information lifecycle management (ILM) process can be defined as a tool for the categorization of data to help an organization effectively answer the following …
The Cloud Security Standards slogan is “If it cannot be measured, it cannot be managed”. This is a statement that any auditor and security professional should abide by regardless of his …
Cost Benefit Analysis of Cloud Computing is often identified as a key driver for the adoption of cloud computing. The challenge with decisions being made solely or exclusively on cost …
Business Continuity and Disaster Recovery planning and management is the process by which risks and threats to the ongoing availability of services, business functions, and the organization are actively reviewed …
Cloud computing elements are a very important concept to consider before moving to the cloud environment. Below: Anything as a service (XaaS): The growing diversity of services available …
Cloud Attack Surface Essentials: Cloud data centers can be perceived as similar to DMZs in legacy enterprises. Because everything in the cloud can be accessed remotely, …
Cloud Service Provider (CSP): The vendor offering cloud services. The CSP will own the datacenter, employ the staff, own and manage the resources (hardware and software), monitor service provision and …
Before moving to the core aspects of the cloud, we need to understand the boundaries of cloud computing and some related concepts. In legacy environments, …