
2020.07.15

CSA: Hybrid Cloud and Its Associated Risks

Hello, this is Mitsuhiko Maruyama.

The Cloud Security Alliance (CSA) has published a report for understanding the common risks of hybrid clouds...

● CSA
・2020.07.13 Hybrid Cloud and Its Associated Risks
・[PDF] Downloaded

・2020.07.14 (blog) Understanding Common Risks in Hybrid Clouds

Table of Contents

1. Introduction

2. Hybrid Cloud Overview
 2.1 Hybrid Cloud Concept
 2.2 Business Value of the Hybrid Cloud for Enterprises
 2.3 Hybrid Cloud Implementation
  2.3.1 Layer 3 Network Interworking
  2.3.2 Multi-Cloud Management Enabled by Cloud Broker
  2.3.3 Consistent Hybrid Cloud

3. Shared Responsibility in Hybrid Clouds

4. Risks, Threats and Vulnerabilities in Hybrid Clouds
 4.1 Risks
  4.1.1 Distributed Denial of Service Attack (DDoS)
  4.1.2 Data Leakage
  4.1.3 Perimeter Protection Risks
  4.1.4 Compliance Risks
  4.1.5 Misaligned Service Level Agreements (SLAs)
  4.1.6 Misalignment of Cloud Skill Sets
  4.1.7 Gap in Security Control Maturity
  4.1.8 Comprehensiveness of Security Risk Assessment
 4.2 Threats
  4.2.1 Malicious Insider
 4.3 Vulnerabilities
  4.3.1 Poor Encryption
  4.3.2 Impacted Operational Processes
  4.3.3 Network Connectivity Breaks
  4.3.4 Decentralized Identity & Credential Management
  4.3.5 Siloed Security Management

5. Hybrid Cloud Use Cases
 5.1 Workload Expansion (Bursting)
 5.2 Backup
 5.3 Disaster Recovery (DR)
 5.4 Layered Deployment
 5.5 Application Container Technology
 5.6 Extend New IT Capabilities

Conclusion

ANNEX - Definitions of Types of Cloud and Deployment Models


 

 

1. Introduction

Cloud computing is flourishing. Hybrid clouds, especially, have been gaining more traction as cloud customers increasingly understand that using public clouds or private clouds alone poses certain limitations due to hardware or network restrictions. Hybrid clouds are now often the starting point for organizations in their cloud journey. International Data Corporation's (IDC) IaaSView report in 2019 indicates that 52% of enterprises already have a hybrid cloud infrastructure in place [1]. Furthermore, Gartner predicts that by 2020, 90% of organizations will adopt hybrid cloud infrastructure management capabilities and services [2]. Multi-cloud convergence increases the complexity of risks in areas such as management, access control, data use, and service contracts. Security and compliance are among the issues that must be addressed in hybrid cloud use.

This paper aims to describe the concept and value of hybrid clouds, review its security risks, and highlight key use cases of hybrid clouds. A subsequent paper by CSA’s Hybrid Cloud Security WG will propose countermeasures to help users and cloud service providers (CSPs) mitigate and reduce security and compliance risks identified in this paper.
