Cloud Computing and Services Overview 2017

Cloud Computing Model

The National Institute of Standards and Technology, Special Publication 800-145, states in Section 2:

“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.”

5 Cloud Characteristics

The five essential characteristics are on-demand service, broad network access, resource pooling, rapid elasticity and measured service. The three service models are software as a service (SaaS), platform as a service (PaaS) and Infrastructure as a Service (IaaS). Finally, the four deployment models are private cloud, community cloud, public cloud and hybrid cloud.

Cloud Computing Risks

Cloud computing can offer businesses and individuals a lower cost yet higher security platform, for software use and management of data. But there are risks similar to any third party that is providing remote internet services. Both users and providers use the public internet, and are pressured by the same pool of bad actors.

12 Major Threats

In 2016, the Cloud Services Alliance released its list of major threats, as follows:

1. Data Breaches
2. Weak Identity, Credential and Access Management
3. Insecure APIs
4. System and Application Vulnerabilities
5. Account Hijacking
6. Malicious Insiders
7. Advanced Persistent Threats (APTs)
8. Data Loss
9. Insufficient Due Diligence
10. Abuse and Nefarious Use of Cloud Services
11. Denial of Service
12. Shared Technology Issues

See, Cloud Security Alliance (CSA), The Treacherous Twelve Cloud Computing Top Threats in 2016, February 29, 2016. They have followed up this list in 2017 with real world examples of attacks in each category.

Commentary by Attorney Timothy F. Mills, Editor / Action Cyber Times™ © 2017 All Rights Reserved.

Action Cyber Times™ provides resources for cybersecurity, data privacy, compliance, breach reporting and risk management, intellectual property theft, and the utilization of emerging technologies such as artificial intelligence, machine learning, blockchain DLT, advances in cryptographic applications, and more.

Disclaimer: The content available on the web site and in the blog posts is for informational purposes only and is not intended to, and does not, provide legal advice. Contact and retain an appropriate professional for legal advice. Use of this content or any of the links contained within the site do not create an attorney-client relationship. The opinions expressed are the opinions of the author.