Review this video to get up to speed on the 5 elements of cloud security. Cloud security includes IT security as we know it, but will evolve to be more mature than that. In the video I elaborate on those 5 as they have evolved. Then I will talk about how cloud changes our approach to those five elements.
Here is a summary of the points in the video.
Five elements of cloud security
Historically, IT security started with infrastructure security. Just protecting the data center was good enough. But that was before we had data communications.
When data started to escape the confines of the data center we needed to protect it. Typically through encryption. Hence we need data security.
As the world wide web developed, we saw applications being exposed to it, and frankly, be vulnerable. So that is when application security started to become more important.
With the proliferation of applications, both within the enterprises and outside of it, keeping track of user access became more important too. That is when we start talking more about user security (or identity management).
Finally, as we are outsourcing to more and more individual software and cloud companies, we need to structure our oversight of those service relationships. That requires governance over contracts, SLAs, and more.
Cloud computing is having an impact on all of these five elements. Some are made easier, some increase in significance, some will change shape. Watch the video for more details.
CCSK body of knowledge
If you want to dive deeper into these elements of cloud security, have a look at the CCSK Body of Knowledge. And sign up for my newsletter to learn more about CCSK v4 and cloud computing.
CCSK online training
I deliver the CCSK online training in three different packages. Find the one that best matches your learning objectives and background. Not ready for the full training yet? Go to the bottom of this page (link) to get some free resources.
Very grateful. Thank you!
I have appreciated very well most topics and particulary the Security Risk & compliance topics. Comparison on IT process on premise with those in the Cloud is quite good. But, it could be done deeper.
This class is great. Good balance between you talking, and us chatting. You keep control of the syllabus and the schedule, and we provide some information on what the facts mean to us and how we understand them in our context. Brilliant stuff.
Very professional domain, but very clear explained! Thanks
Most useful: Technical context, risk knowledge and exam approach
Experienced trainer. Reflects his experience well within the context
Peter is incredibly knowledgeable and takes the time to answer questions and actually work with his students. The course is also an amazing way to learn how AWS actually works and, by the end of the labs, you feel ready to manage your own cloud! The materials are easy to understand and yet technical enough to get real-life security implemented. This was a great course and far beyond most of the accreditation courses I have completed.
I attended Peter's CCSK-training and found it very useful, because 1) the sessions gave me more insight on several other aspects of cloud computing than only security, 2) it "inspired" (/forced) me to study the CSA guide/ENISA more thorughly and not least 3) I manage to pass the exam 🙂
I had very little to no experience wit the CLOUD, so this training was incredibly valuable to me. My new professional responsibilities are becoming more and more cloud centric. I have a greatly improved level of confidence because I know I have a solid educational foundation that the training and exam preparation has provided for me. I cannot recommend it highly enough!