Foreword xvii Introduction xix DOMAIN 1: ARCHITECTURAL CONCEPTS AND DESIGN REQUIREMENTS 1 Introduction 3 Drivers for Cloud Computing 4 Security, Risks, and Benefi ts 5 Cloud Computing Defi nitions 7 Cloud Computing Roles 12 Key Cloud Computing Characteristics 12 Cloud Transition Scenario 14 Building Blocks 16 Cloud Computing Functions 16 Cloud Service Categories 18 IaaS 18 PaaS 19 SaaS 21 Cloud Deployment Models 23 The Public Cloud Model 23 The Private Cloud Model 23 The Hybrid Cloud Model 24 The Community Cloud Model 25 Cloud Cross -Cutting Aspects 25 Architecture Overview 25 Key Principles of an Enterprise Architecture 27 The NIST Cloud Technology Roadmap 28 Network Security and Perimeter 32 Cryptography 33 Encryption 33 Key Management 35 IAM and Access Control 37 Provisioning and Deprovisioning 37 Centralized Directory Services 38 Privileged User Management 38 Authorization and Access Management 39 Data and Media Sanitization 40 Vendor Lock -In 40 Cryptographic Erasure 41 Data Overwriting 41 Virtualization Security 42 The Hypervisor 42 Security Types 43 Common Threats 43 Data Breaches 43 Data Loss 44 Account or Service Traffic Hijacking 45 Insecure Interfaces and APIs 45 Denial of Service 46 Malicious Insiders 46 Abuse of Cloud Services 46 Insufficient Due Diligence 47 Shared Technology Vulnerabilities 47 Security Considerations for Different Cloud Categories 48 IaaS Security 48 PaaS Security 50 SaaS Security 52 Open Web Application Security Project Top Ten Security Threats 54 Cloud Secure Data Lifecycle 55 Information and Data Governance Types 56 Business Continuity and Disaster Recovery Planning 57 Business Continuity Elements 57 Critical Success Factors 58 Important SLA Components 59 Cost -Benefit Analysis 60 Certification Against Criteria 62 System and Subsystem Product Certification 69 Summary 72 Review Questions 73 Notes 77 DOMAIN 2: CLOUD DATA SECURITY 79 Introduction 81 The Cloud Data Lifecycle Phases 82 Location and Access of Data 83 Location 83 Access 84 Functions, Actors, and Controls of the Data 84 Key Data Functions 85 Controls 85 Process Overview 86 Tying It Together 86 Cloud Services, Products, and Solutions 87 Data Storage 87 IaaS 87 PaaS 88 SaaS 89 Threats to Storage Types 90 Technologies Available to Address Threats 91 Relevant Data Security Technologies 91 Data Dispersion in Cloud Storage 92 DLP 92 Encryption 95 Masking, Obfuscation, Anonymization, and Tokenization 102 Application of Security Strategy Technologies 105 Emerging Technologies 106 Bit Splitting 106 Homomorphic Encryption 107 Data Discovery 108 Data Discovery Approaches 108 Different Data Discovery Techniques 109 Data Discovery Issues 110 Challenges with Data Discovery in the Cloud 111 Data Classifi cation 112 Data Classifi cation Categories 112 Challenges with Cloud Data 113 Data Privacy Acts 113 Global P&DP Laws in the United States 114 Global P&DP Laws in the European Union 115 Global P&DP Laws in APEC 115 Differences Between Jurisdiction and Applicable Law 115 Essential Requirements in P&DP Laws 116 Typical Meanings for Common Privacy Terms 116 Privacy Roles for Customers and Service Providers 117 Responsibility Depending on the Type of Cloud Services 118 Implementation of Data Discovery 119 Classification of Discovered Sensitive Data 120 Mapping and Definition of Controls 123 Privacy Level Agreement 124 PLA Versus Essential P&DP Requirements Activity 124 Application of Defi ned Controls for PII 128 Cloud Security Alliance Cloud Controls Matrix 129 Management Control for Privacy and Data -Protection Measures 133 Data Rights Management Objectives 134 IRM Cloud Challenges 134 IRM Solutions 135 Data -Protection Policies 136 Data -Retention Policies 137 Data -Deletion Procedures and Mechanisms 138 Data -Archiving Procedures and Mechanisms 139 Events 140 Event Sources 140 Identifying Event Attribute Requirements 142 Storage and Analysis of Data Events 144 SIEM 145 Supporting Continuous Operations 146 Chain of Custody and Nonrepudiation 147 Summary 148 Review Questions 149 Notes 152 DOMAIN 3: CLOUD PLATFORM AND INFRASTRUCTURE SECURITY 155 Introduction 157 The Physical Environment of the Cloud Infrastructure 157 Data Center Design 158 Network and Communications in the Cloud 159 Network Functionality 159 Software -Defined Networking 160 The Compute Parameters of a Cloud Server 161 Virtualization 161 Scalability 162 The Hypervisor 162 Storage Issues in the Cloud 163 Object Storage 164 Management Plane 164 Management of Cloud Computing Risks 166 Risk Assessment and Analysis 166 Cloud Attack Vectors 170 Countermeasure Strategies Across the Cloud 170 Continuous Uptime 171 Automation of Controls 171 Access Controls 171 Physical and Environmental Protections 172 Key Regulations 173 Examples of Controls 173 Protecting Data Center Facilities 173 System and Communication Protections 173 Automation of Confi guration 174 Responsibilities of Protecting the Cloud System 174 Following the Data Lifecycle 175 Virtualization Systems Controls 176 Managing Identification, Authentication, and Authorization in the Cloud Infrastructure 178 Managing Identification 178 Managing Authentication 179 Managing Authorization 179 Accounting for Resources 179 Managing Identity and Access Management 179 Making Access Decisions 179 The Entitlement Process 180 The Access Control Decision -Making Process 180 Risk Audit Mechanisms 181 The Cloud Security Alliance Cloud Controls Matrix 182 Cloud Computing Audit Characteristics 182 Using a VM 183 Understanding the Cloud Environment Related to BCDR 183 On -Premises, Cloud as BCDR 184 Cloud Service Consumer, Primary Provider BCDR 184 Cloud Service Consumer, Alternative Provider BCDR 185 BCDR Planning Factors 185 Relevant Cloud Infrastructure Characteristics 185 Understanding the Business Requirements Related to BCDR 186 Understanding the BCDR Risks 188 BCDR Risks Requiring Protection 188 BCDR Strategy Risks 188 Potential Concerns About the BCDR Scenarios 189 BCDR Strategies 190 Location 191 Data Replication 191 Functionality Replication 192 Planning, Preparing, and Provisioning 192 Failover Capability 192 Returning to Normal 193 Creating the BCDR Plan 193 The Scope of the BCDR Plan 193 Gathering Requirements and Context 193 Analysis of the Plan 194 Risk Assessment 194 Plan Design 194 Other Plan Considerations 195 Planning, Exercising, Assessing, and Maintaining the Plan 195 Test Plan Review 197 Testing and Acceptance to Production 201 Summary 201 Review Questions 202 Notes 204 DOMAIN 4: CLOUD APPLICATION SECURITY 205 Introduction 207 Determining Data Sensitivity and Importance 208 Understanding the API Formats 208 Common Pitfalls of Cloud Security Application Deployment 209 On -Premises Does Not Always Transfer (and Vice Versa) 210 Not All Apps Are Cloud Ready 210 Lack of Training and Awareness 210 Lack of Documentation and Guidelines 211 Complexities of Integration 211 Overarching Challenges 211 Awareness of Encryption Dependencies 213 Understanding the Software Development Lifecycle Process for a Cloud Environment 213 Secure Operations Phase 214 Disposal Phase 215 Assessing Common Vulnerabilities 215 Cloud -Specific Risks 218 Threat Modeling 220 STRIDE Threat Model 220 Approved Application Programming Interfaces 221 Software Supply Chain (API) Management 221 Securing Open Source Software 222 Identity and Access Management 222 Identity Management 223 Access Management 223 Identity Repository and Directory Services 223 Federated Identity Management 224 Federation Standards 224 Federated Identity Providers 225 Federated SSO 225 Multifactor Authentication 225 Supplemental Security Devices 226 Cryptography 227 Tokenization 228 Data Masking 228 Sandboxing 229 Application Virtualization 229 Cloud -Based Functional Data 230 Cloud -Secure Development Lifecycle 231 ISO/IEC 27034 -1 232 Organizational Normative Framework 232 Application Normative Framework 233 Application Security Management Process 233 Application Security Testing 234 Static Application Security Testing 234 Dynamic Application Security Testing 235 Runtime Application Self -Protection 235 Vulnerability Assessments and Penetration Testing 235 Secure Code Reviews 236 OWASP Recommendations 236 Summary 237 Review Questions 238 Notes 239 DOMAIN 5: OPERATIONS 241 Introduction 243 Modern Data Centers and Cloud Service Offerings 243 Factors That Aff ect Data Center Design 243 Logical Design 244 Physical Design 246 Environmental Design Considerations 249 Multivendor Pathway Connectivity 253 Implementing Physical Infrastructure for Cloud Environments 253 Enterprise Operations 254 Secure Configuration of Hardware: Specific Requirements 255 Best Practices for Servers 255 Best Practices for Storage Controllers 256 Network Controllers Best Practices 258 Virtual Switches Best Practices 259 Installation and Confi guration of Virtualization Management Tools for the Host 260 Leading Practices 261 Running a Physical Infrastructure for Cloud Environments 261 Configuring Access Control and Secure Kernel -Based Virtual Machine 265 Securing the Network Configuration 266 Network Isolation 266 Protecting VLANs 267 Using TLS 268 Using DNS 268 Using IPSec 269 Identifying and Understanding Server Threats 270 Using Standalone Hosts 271 Using Clustered Hosts 273 Resource Sharing 273 Distributed Resource Scheduling/Compute Resource Scheduling 274 Accounting for Dynamic Operation 274 Using Storage Clusters 275 Clustered Storage Architectures 275 Storage Cluster Goals 276 Using Maintenance Mode 276 Providing HA on the Cloud 276 Measuring System Availability 276 Achieving HA 277 The Physical Infrastructure for Cloud Environments 278 Configuring Access Control for Remote Access 279 Performing Patch Management 281 The Patch Management Process 282 Examples of Automation 282 Challenges of Patch Management 283 Performance Monitoring 285 Outsourcing Monitoring 285 Hardware Monitoring 285 Redundant System Architecture 286 Monitoring Functions 286 Backing Up and Restoring the Host Configuration 287 Implementing Network Security Controls: Defense in Depth 288 Firewalls 288 Layered Security 289 Utilizing Honeypots 292 Conducting Vulnerability Assessments 293 Log Capture and Log Management 293 Using Security Information and Event Management 295 Developing a Management Plan 296 Maintenance 297 Orchestration 297 Building a Logical Infrastructure for Cloud Environments 298 Logical Design 298 Physical Design 298 Secure Configuration of Hardware -Specific Requirements 299 Running a Logical Infrastructure for Cloud Environments 300 Building a Secure Network Configuration 300 OS Hardening via Application Baseline 301 Availability of a Guest OS 303 Managing the Logical Infrastructure for Cloud Environments 304 Access Control for Remote Access 304 OS Baseline Compliance Monitoring and Remediation 305 Backing Up and Restoring the Guest OS Configuration 305 Implementation of Network Security Controls 306 Log Capture and Analysis 306 Management Plan Implementation Through the Management Plane 307 Ensuring Compliance with Regulations and Controls 307 Using an ITSM Solution 308 Considerations for Shadow IT 308 Operations Management 309 Information Security Management 310 Configuration Management 310 Change Management 311 Incident Management 315 Problem Management 317 Release and Deployment Management 318 Service -Level Management 319 Availability Management 319 Capacity Management 319 Business Continuity Management 320 Continual Service Improvement Management 321 How Management Processes Relate to Each Other 321 Incorporating Management Processes 323 Managing Risk in Logical and Physical Infrastructures 323 The Risk -Management Process Overview 323 Framing Risk 324 Risk Assessment 324 Risk Response 334 Risk Monitoring 339 Understanding the Collection and Preservation of Digital Evidence 340 Cloud Forensics Challenges 341 Data Access Within Service Models 342 Forensics Readiness 343 Proper Methodologies for Forensic Collection of Data 343 The Chain of Custody 349 Evidence Management 350 Managing Communications with Relevant Parties 350 The Five Ws and One H 351 Communicating with Vendors and Partners 351 Communicating with Customers 353 Communicating with Regulators 353 Communicating with Other Stakeholders 354 Wrap -Up: Data Breach Example 354 Summary 354 Review Questions 356 Notes 361 DOMAIN 6: LEGAL AND COMPLIANCE 363 Introduction 365 International Legislation Conflicts 365 Legislative Concepts 366 Frameworks and Guidelines Relevant to Cloud Computing 368 ISO/IEC 27017:2015 Information Technology Security Techniques Code of Practice for Information Security Controls Based on ISO/IEC 27002 for Cloud Services 368 Organization for Economic Cooperation and Development Privacy and Security Guidelines 369 Asia -Pacifi c Economic Cooperation Privacy Framework4 369 EU Data Protection Directive 370 General Data Protection Regulation 372 ePrivacy Directive 372 Beyond Frameworks and Guidelines 372 Common Legal Requirements 373 Legal Controls and Cloud Service Providers 374 e -Discovery 375 e -Discovery Challenges 375 Considerations and Responsibilities of e -Discovery 376 Reducing Risk 376 Conducting e -Discovery Investigations 377 Cloud Forensics and ISO/IEC 27050 -1 377 Protecting Personal Information in the Cloud 378 Differentiating Between Contractual and Regulated PII 379 Country -Specific Legislation and Regulations Related to PII, Data Privacy, and Data Protection 383 Auditing in the Cloud 392 Internal and External Audits 392 Types of Audit Reports 393 Impact of Requirement Programs by the Use of Cloud Services 396 Assuring Challenges of the Cloud and Virtualization 396 Information Gathering 397 Audit Scope 398 Cloud -Auditing Goals 401 Audit Planning 401 Standard Privacy Requirements (ISO/IEC 27018) 403 GAPP 404 Internal ISMS 405 The Value of an ISMS 405 Internal Information Security Controls System: ISO 27001:2013 Domains 406 Repeatability and Standardization 406 Implementing Policies 407 Organizational Policies 407 Functional Policies 408 Cloud Computing Policies 408 Bridging the Policy Gaps 409 Identifying and Involving the Relevant Stakeholders 410 Stakeholder Identifi cation Challenges 410 Governance Challenges 411 Communication Coordination 411 Impact of Distributed IT Models 412 Clear Communications 412 Coordination and Management of Activities 413 Governance of Processes and Activities 413 Coordination Is Key 414 Security Reporting 414 Understanding the Implications of the Cloud to Enterprise Risk Management 415 Risk Profile 416 Risk Appetite 416 Difference Between the Data Owner and Controller and the Data Custodian and Processor 416 SLA 417 Risk Mitigation 422 Risk -Management Metrics 422 Different Risk Frameworks 423 Understanding Outsourcing and Contract Design 425 Business Requirements 425 Vendor Management 426 Understanding Your Risk Exposure 426 Accountability of Compliance 427 Common Criteria Assurance Framework 427 CSA STAR 428 Cloud Computing Certification 429 Contract Management 431 Importance of Identifying Challenges Early 431 Key Contract Components 432 Supply Chain Management 434 Supply Chain Risk 434 CSA CCM 435 The ISO 28000:2007 Supply Chain Standard 435 Summary 436 Review Questions 438 Notes 439 APPENDIX A: ANSWERS TO REVIEW QUESTIONS 441 Domain 1: Architectural Concepts and Design Requirements 441 Domain 2: Cloud Data Security 451 Domain 3: Cloud Platform and Infrastructure Security 460 Domain 4: Cloud Application Security 466 Domain 5: Operations 470 Domain 6: Legal and Compliance Issues 482 Notes 488 APPENDIX B: GLOSSARY 491 APPENDIX C: HELPFUL RESOURCES AND LINKS 501 Index 505