[talk] Cloud Security
jpb at jimby.name
Mon Jun 19 11:58:04 EDT 2017
* Sujit K M <kmsujit at gmail.com> [2017-06-17 04:08]:
> Hi All,
> I find that Cloud based application might show up their URL's on
> Web Browsers for example. Isn't this a security hack. Any thoughts
> on how we can secure or how is security applied.
> Sujit K M
A URL by itself may or may not be important - it depends on the
application, the data involved, and the cloud provider.
Cloud security is a complex topic as the responsibliity for information
security controls is often shared between the tenant and the cloud
provider. "Shared" can also mean misunderstood, as in "Hey, I thought
you guys were doing access control. What gives?" This is not uncommmon,
particularly for small firms who don't have a security officer, or
someone with a clue about information security.
A good start for understanding information security for these
environments is the "Cloud Security Alliance",
https://cloudsecurityalliance.org , a non-profit who has been
around for a while (2008 or so). Their Cloud Controls Matrix (v3.0.1)
is a very useful tool for evaluating security controls.
Full disclosure - I'm not associated with CSA in any way, although I
have used their CSA Matrix along with our own custom toolkit to assess
controls at multiple cloud providers. It's worth a look.
More information about the talk