[talk] Cloud Security

Jim B. jpb at jimby.name
Mon Jun 19 11:58:04 EDT 2017


* Sujit K M <kmsujit at gmail.com> [2017-06-17 04:08]:
> Hi All,
> 
> I find that Cloud based application might show up their URL's on
> Web Browsers for example. Isn't this a security hack. Any thoughts
> on how we can secure or how is security applied.
> 
> Regards,
> Sujit K M
> 

Hi Sujit,

A URL by itself may or may not be important - it depends on the
application, the data involved, and the cloud provider.

Cloud security is a complex topic as the responsibliity for information
security controls is often shared between the tenant and the cloud
provider.  "Shared" can also mean misunderstood, as in "Hey, I thought
you guys were doing access control. What gives?" This is not uncommmon,
particularly for small firms who don't have a security officer, or
someone with a clue about information security.

A good start for understanding information security for these
environments is the "Cloud Security Alliance",
https://cloudsecurityalliance.org , a non-profit who has been
around for a while (2008 or so).  Their Cloud Controls Matrix (v3.0.1)
is a very useful tool for evaluating security controls.

Full disclosure - I'm not associated with CSA in any way, although I
have used their CSA Matrix along with our own custom toolkit to assess
controls at multiple cloud providers.  It's worth a look.

Best,
Jim B.





More information about the talk mailing list