Abstract
Organizations are moving to the cloud in anticipation of profits and of gains in development agility and scalability, as recent cloud-related surveys and projections substantiate. However, this shift makes it difficult for organizations to ensure rigorous cloud security and to navigate a labyrinth of compliance requirements. Security concerns, highlighted by 79% of respondents in a recent survey, sit against a legal backdrop that requires “appropriate” safeguarding measures in cloud utilization without providing explicit, actionable directives, as seen in the EU General Data Protection Regulation and the EU NIS 2 Directive. To address this multifaceted issue, this chapter delineates core security domains for cloud services, to help cloud service providers identify the key areas for which they must determine relevant technical and organizational measures. The chapter further describes the main controls of the Cloud Security Alliance's Cloud Controls Matrix, as an example of an internationally recognized cloud security standard that covers these cloud security domains in depth. In all, this chapter seeks to show organizations the key cloud security concerns they face and the requirements they should demand to ensure their sustainable use of cloud computing systems.
Original language | English |
---|---|
Title of host publication | Computer and Information Security Handbook, Fourth Edition |
Editors | John R. Vacca |
Place of Publication | Burlington |
Publisher | Morgan Kaufmann |
Chapter | 64 |
Pages | 1065-1079 |
Number of pages | 15 |
Volume | 2 |
ISBN (Electronic) | 9780443132230 |
ISBN (Print) | 9780443132247 |
Publication status | Published - 24 Aug 2024 |
Keywords
- availability
- cloud computing
- cloud security standards
- confidentiality
- cybersecurity
- data protection
- data security
- integrity