This security guide focus their interest in the following areas:
- Cloud Architecture
- Governing in the Cloud
- Operating in the Cloud
The new issues introduced into this version respect to 2.0 is the following security domains:
-Domain 3: Legal issues: Contracts and Electronic Discovery.
-Domanin 4: Information Management
-Domain 14: Security as Service (SecaaS)
Now, I'm going to introduce what means SecaaS.
One of the milestones of the maturity of cloud as a platform for business operations is the adoption of Security as a Service (SecaaS) on a global scale and the recognition of how security can be enhanced. The worldwide implementation of security as an outsourced commodity will eventually minimize the disparate variances and security voids.
SecaaS is aimed to secure systems and data in the cloud as well as hybrid and traditional enterprise networks via cloud-based services. These systems may be in the cloud or more traditionally hosted within the customer’s premises. An example of this might be the hosted spam and AV filtering.
History of Security Guidance:
I strong recomended the read of this guidance if you want to know the most security issues in the Cloud Computing! It's an excelent security guide, where you can find things like that:
|Mapping the Cloud Model to Security Control and Compliance|