Which of the following do you need to take care of when you adopt a cloud solution?

Which of the following do you need to take care of when you adopt a cloud solution?

• Network router configuring
• Writing script to automate VM deployment
• Security auditing
• Performance monitoring 

EXPLANATION

IT security audits determine whether an information system and its maintainers meet both the legal expectations of customer data protection and the company’s standards of achieving financial success against various security threats. These goals are still relevant in the emerging cloud computing model of business, but they require customization.

Cloud computing, as defined by the National Institute of Standards and Technology (NIST), is “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” ¹ In essence, cloud computing could be described as the use of computing resources—both hardware and soft ware—provided over a network, requiring minimal interaction between users and providers.

Three service models are commonly implemented in the cloud: soft ware as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). In each of these service types, security is a signifi cant challenge. Security audits provide a clear and recognizable trail of resource access for various organizations.

Traditional IT audits typically fall into two main categories: internal and external. Internal audits refer to work done by an organization’s own employees, concern very specific organizational processes, and focus primarily on optimization and risk management. External audits give an outside perspective on an organization’s ability to meet the requirements of various laws and regulations. Organizations have used traditional IT audits to evaluate issues such as availability to authorized users and integrity and confidentiality in data storage and transmission.
But what happens when an organization’s IT resources are moved to the cloud? Because cloud computing allows for multiple users across a large domain, it exposes novel security issues such as cloud-specifi c confi dentiality concerns. These threats pose new challenges for security auditing, but cloud advocates are responding to them. For instance, groups such as Cloud Security Alliance (CSA) are urging standardization of cloud confi dentiality, integrity, and availability auditing.