Cloud Security ......???
Based on the question details, which ask “What [is the] first thing that comes to your mind when you hear the term ‘Cloud Security’?”, I think I have to say that the answer would be:
Most people really don’t understand what Cloud Security is, but they have plenty of approaches they think will work for providing it.
* Defining the Cloud:-
So, let’s step back and take a look at what “the Cloud” really is.
First up, “the Cloud”, or Cloud Computing, from a business perspective is a business relationship that provides an application, a function or a place to put things that:
- you don’t physically control,
- you don’t really completely manage,
- where you pay for those applications, functions and storage locations based on what you use rather than on what your CAPEX budget will support this year (at least in theory), and
- where your organization is entirely dependent on how the selected cloud provider decides to allocate resources to you, including access to those same applications, functions and storage locations.
* Defining Security:-
- A phrase courtesy of Mr. David Lynas, one of the authors of the SABSA methodology: “Security is always a function of something else.”
There are two time-honored risk management techniques, both of which are required to deal with the risks of cloud computing:
- A proper exercise in due diligence: carefully investigate your prospective cloud service provider before you sign any contracts:
- Are they honest?
- Do they have adequate physical security for their facilities?
- Are they careful about their own systems management, and about the integrity and provenance of their system software?
- Do they maintain internal audit trails to monitor their employees?
- Do they regularly check for unauthorized intrusions into their service?
- Do they know what they're doing?
- Insurance: your data and computing have some value to your business. Count that value and buy insurance for it, either directly from the cloud service provider (if they won't contractually guarantee the integrity of their service with their own cash at direct risk, what are their security assurances worth?) or from a business insurance underwriter.
1). Cost-benefit analysis.
The key measure is that the cloud must reduce capital and operational expenses without sacrificing user functionality, such as availability.
The best delivery model for cloud functionality is a hardware-agnostic approach that embraces the commodity architectures in use by the world’s leading Internet and SaaS providers. This can be achieved through low-cost commodity servers and disks coupled with intelligent management software, providing true cloud-based economies of scale and efficiency.
2). Robust security.
When you move to the cloud, you are entrusting the organization’s intellectual property to a third party. Do their security standards meet the needs of your business? Even the smallest entry point can create an opening for unauthorized access and theft. Authentication and access controls are even more critical in a public cloud, where a single compromised hypervisor can expose every customer whose workloads share that host.
Ideally, the cloud provider should offer a broad set of security solutions enabling an information-centric approach to securing critical interfaces – between services and end users, private and public services, as well as virtual and physical cloud infrastructures.
3). Data availability.
As the cloud places new demands on storage infrastructure, data availability, integrity and confidentiality must be guaranteed. Often, these guarantees come from vendors who offer massive scalability and elasticity in their clouds. To make this approach manageable for customers, cloud vendors must offer tools that provide visibility and control across heterogeneous storage platforms. The final test for cloud storage is interoperability with virtual infrastructures.
4). Regulatory compliance.
Cloud computing brings a host of new governance considerations. Organizations must evaluate the ability of the cloud provider to address the company’s own regulatory obligations, national and worldwide rules for conducting business in different regions, and customer needs.
For example, many healthcare customers will require HIPAA compliance (and SOX compliance if they are publicly traded), while financial customers must comply with the Gramm-Leach-Bliley Act and the FTC Red Flags Rule.
5). Check the fine print.
Don’t forget to thoroughly evaluate your organization’s SLA requirements and ensure the cloud provider both can deliver on these provisions and is contractually obligated to. The most common SLAs relate to disaster recovery services. Make sure a contingency plan is in place to cover outages. In the event of a disaster, can the facility hosting your data quickly fail over to another data center? On a related note, an SLA best practice is to perform data classification for everything, including customer data, that is being considered for cloud migration.
These five critical business considerations serve as a checklist for building trust into the cloud. This trust is crucial as the consumerization of IT continues to redefine the goals and requirements of IT organizations.
* IT certifications for Cloud Security knowledge:-
There are a few out there, including:
- Certified Cloud Operator
- Certified Cloud Architect
- IBM Certified Solutions Advisor
- Cloud Computing Foundation Certification
- (ISC)² - CCSP – Certified Cloud Security Professional
- AWS Certified Security – Specialty
- Cloud Credential Council - Professional Cloud Security Manager certification (PCS)
- EXIN - Certified Integrator Secure Cloud Services
Topics such certifications typically cover include:
-> Load balancing.
-> Security and integrity.
-> Confidentiality in multi-tenant clouds.
-> Virtualization.
-> Data recovery and backup.
-> Segregation and data recovery.
-> Secure architecture in the cloud.
-> Cryptography in the cloud.