In partnership with Securosis and the Cloud Security Alliance, SearchCloudSecurity.com is pleased to present this lesson on cloud security fundamentals for enterprises. The material, which includes an introduction to assessing IaaS, PaaS and SaaS security issues and risks, a primer on public IaaS security issues and a strategic overview of public cloud encryption for enterprises, is based on the CSA's Certificate of Cloud Security Knowledge training program.
About the expert: Rich Mogull is founder, CEO and analyst with Securosis.
Watch the video, listen to the podcast, read the tech tip then take the quiz to see how much you have learned. Passing the quiz earns you one CPE credit from (ISC)².
View our Security School Course Catalog to view more lessons eligible for CPE credits.
Table of contents:
This video presentation will help you architecturally understand each of the service models -- Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) -- and the security risks you can expect with each, as well as how IaaS, PaaS and SaaS security issues and risks affect not only data security but also organizational compliance efforts.
Assuming you have a grip on your organization’s security controls, how do you map cloud computing delivery models to those existing controls that protect physical assets, and also keep your organization compliant with regulations. This video focuses on public IaaS security issues, and more specifically will address a critical overarching concern for security professionals when considering a cloud provider: how to determine whether a cloud provider can enable an enterprise's security strategy.
Multi-tenancy is a slippery slope that some organizations have to understand and consider carefully before entering into a cloud computing engagement with a provider. This video presentation explains what an organization needs to know about how these shared resources and describes how public cloud encryption techniques can offer additional control in multi-tenancy environments. The presentation also features a live demo on how to encrypt a drive in the cloud.
Quiz: Cloud security fundamentals for enterprises
Think you've mastered Rich Mogull's lesson on cloud security fundamentals for enterprises? Test your knowledge in this five-question quiz.
About the expert
Rich Mogull is founder, CEO and analyst with information security consultancy Securosis. He has more than 20 years of experience in information security, physical security, and risk management. He specializes in data security, application security, emerging security technologies, and security management. Prior to founding Securosis, Mogull was a research vice president at Gartner on the security team where he also served as research co-chair for the Gartner Security Summit. Prior to his seven years at Gartner, Mogull worked as an independent consultant, Web application developer, software development manager at the University of Colorado, and systems and network administrator.