Information Technology IT – 5 eSecurity | e-Consult
Cloud Computing Security Roles:
In a cloud computing environment, security is a shared responsibility between the cloud service provider (CSP) and the data controller. The CSP is responsible for the security of the cloud infrastructure, while the data controller is responsible for the security of the data stored in the cloud and for ensuring compliance with data protection laws.
Cloud Service Provider (CSP) Responsibilities & Measures:
- Infrastructure Security: Maintaining the physical and logical security of the cloud infrastructure (e.g., data centers, networks). Examples: Physical security measures, network segmentation, DDoS protection.
- Data Encryption: Providing encryption services to protect data at rest and in transit. Examples: Key management services, encryption algorithms.
- Access Control: Implementing robust access control mechanisms to prevent unauthorised access to the cloud infrastructure and data. Examples: Multi-factor authentication, role-based access control.
- Compliance Certifications: Obtaining and maintaining relevant compliance certifications (e.g., ISO 27001, SOC 2) to demonstrate a commitment to security.
Data Controller (Organisation) Responsibilities & Measures:
- Data Encryption: Encrypting data before uploading it to the cloud. Examples: Using client-side encryption, ensuring encryption keys are securely managed.
- Access Management: Implementing strong access controls to limit access to data stored in the cloud. Examples: Using strong passwords, implementing multi-factor authentication.
- Data Loss Prevention (DLP): Implementing DLP solutions to prevent sensitive data from being inadvertently exposed in the cloud. Examples: Monitoring data transfers, blocking unauthorised file sharing.
- Contractual Agreements: Ensuring that the cloud service agreement clearly outlines the security responsibilities of the CSP and the data controller.
- Data Backup and Recovery: Implementing data backup and recovery procedures to ensure that data can be restored in the event of a disaster.