Outlines the division of responsibility between the cloud service provider and the customer
Responsibility Matrix
Provide specialized services that end efficiency of cloud solutions
Third-Party Vendors
Combine on-premise infrastructure, private cloud service, and public cloud services
Hybrid Solution
Computing infrastructure that’s physically located on-site at a business
On-premise Solutions
System’s ability to be accessed when needed
Availability
System’s ability to recover from failures and continue to function
Resilience
It’s essential to consider both the immediate and long-term costs of cloud adoption
Cost
Speed at which the system can adapt to changes in demand
Responsiveness
Cloud services are easier to deploy than on-premise solutions
Ease of Deployment
When using the cloud services, some risks are transferred to the provider
Risk Transference
Cloud service providers regularly release patches to fix vulnerabilities
Patch Availability
Businesses might not be able to apply patches due to compatibility issues
Inability to Patch
Customers don’t have to worry about power consumption
Power
Amount of computational resources that a customer can use
Compute
Can lead to vulnerabilities if one user’s data is compromised
Shared Physical Server Vulnerabilities
Can lead to unauthorized access, data breaches, and other security incidents
Inadequate Virtual Environment Security
Can lead to unauthorized access to sensitive data and systems
User Access Management
Can lead to leaving the system vulnerability to new threats
Lack of Up-to-date Security Measures
Can lead to a complete system outage affecting all users
Single Points of Failure
Can lead to allowing unauthorized users to gain access to cloud systems
Weak Authentication and Encryption Practices
Lack of clear guidelines or procedures for various security aspects
Unclear policies
Residual data left behind after deletion or erasure processes
Data Remnants
Technology that allows for the emulation of servers
Virlualization
Lightweight alternative to full machine virtualization
Containerization
-
Data Protection37
-
Cryptographic Solutions20
-
Fundamentals of Security59
-
Threat Actors40
-
Physical Security25
-
Social Engineering34
-
MALWARE27
-
Third-Party Vendor Risks26
-
Security Infrastructure93
-
Governance and Compliance39
-
Vulnerabilities and Attacks49
-
Asset and Change Management36
-
Cyber Resilience and Redundancy51
-
Security Techniques58
-
Security Architecture40
-
Incident Response33
-
Alerting and Monitoring20
-
Identity and Access Management Solution57
-
HARDENING25
-
Vulnerability Management20
-
Malicious Activity31
-
Security Awareness13
-
Investigating an Incident10
-
Orchestration and Automation31
-
Areas Need Improvement13
-
Test-Data Monitoring10
