Here are three documents that I consider to be references in cloud computing security (or, more generally, in the field of information systems security outsourcing).
1. Cloud Security Alliance, “Security Guidance for Critical Areas of Cloud Computing Version 3.0” (177 pages)
This is the heavyweight of the list. Published by the Cloud Security Alliance, the dense “Security Guidance for Critical Areas of Cloud Computing Version 3.0” is the "reference of references" for any professional in the field.
This document contains all of the latest information on cloud computing security. My only critique is that some of the security measures it describes are a bit too theoretical and complicated to be useful to everyone.
Of course, this is only the tip of the iceberg. The Cloud Security Alliance has published many other documents. Check out their website; you won’t be disappointed!
2. European Network and Information Security Agency (ENISA), “Cloud computing: benefits, risks and recommendations for information security” (125 pages)
This comprehensive document comes from ENISA, the European agency devoted to information systems security. In "Cloud computing: benefits, risks and recommendations for information security," ENISA thoroughly analyzes the risks associated with cloud computing and suggests appropriate safety measures to address them.
The easy-to-understand guide presents each risk in the same summary format. If you’re just learning the ropes, this is the document for you. Go directly to page 9 to learn about the top eight cloud-specific risks.
3. Payment Card Industry Security Standards Council, “PCI DSS Virtualization Guidelines Version 2.0” (39 pages)
The Payment Card Industry Data Security Standard (PCI DSS) sets the rules for payment card information security. The interesting thing about PCI DSS is that the rules (or "security objectives") are precise and known in advance. As you might expect, these rules are very strict.
The "PCI DSS Virtualization Guidelines" clearly explain what to set up on a virtualization layer. To learn how to secure your hypervisor, this document is all you need, since it covers both technical and organizational aspects.
My preferred reference is the guide by the Cloud Security Alliance. It’s a state-of-the-art review of cloud computing security.
What are your favorite references?
I have intentionally left out specific technology guides and documents produced by the National Institute of Standards and Technology, the National Security Agency, and others.
Which documents are your go-to references?
I invite you to share the hidden gems you’ve stashed away on your hard drives and other online sharing platforms.
Within the Orange Group security department, I am in charge of security monitoring and security awareness. Candor, optimism and good humor are what drive me every day.