|
|
| (51 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| [[File:NIST Cloud Computing Security Reference Architecture (9029002396).jpg|right|500px|thumb|'''Figure 3.''' The ''NIST Cloud Computing Security Reference Architecture'' provides a security overlay to the ''NIST Cloud Computing Reference Architecture'', published in 2011.]]In a 2010 Cloud Computing Adoption Survey by Mimecast, the leading response (46 percent of surveyed IT managers) to the question "Why did you decide against moving to the cloud?" was "security concerns."<ref name="MimecastCloud10">{{cite web |url=https://system.netsuite.com/core/media/media.nl?id=181214&c=601905&h=2ef3796f7c4d9c8a585e&_xt=.pdf |format=PDF |title=Cloud Computing Adoption Survey |author=Mimecast |date=2010 |accessdate=21 August 2021}}</ref> In a separate survey published around the same time by the IEEE and Cloud Security Alliance, "93 percent of respondents said the need for [[cloud computing]] security standards is important; 82 percent said the need is urgent."<ref name="CSASurvey10">{{cite web |url=https://cloudsecurityalliance.org/press-releases/2010/03/01/survey-by-ieee-and-cloud-security-alliance-details-importance-and-urgency-of-cloud-computing-security-standards/ |title=Survey by IEEE and Cloud Security Alliance Details Importance and Urgency of Cloud Computing Security Standards |author=IEEE; Cloud Security Alliance |publisher=Cloud Security Alliance |date=01 March 2010 |accessdate=21 August 2021}}</ref> Fast-forward 10 years and it's easy to see worries about cloud security have eased somewhat in comparison. A Cloud Threat Report by Oracle and KPMG in 2020 found that "40% of [[cybersecurity]] and IT professionals from private and public businesses perceive public clouds as more secure than on-premise environments ... 12% believe public clouds are no more secure or insecure than what they can deliver with on-premises environments, and 2% think public clouds are less secure."<ref name="Bizga40_20">{{cite web |url=https://securityboulevard.com/2020/05/40-of-it-professionals-believe-that-public-clouds-are-more-secure-than-on-premise-environments/ |title=40% of IT professionals believe that public clouds are more secure than on-premise environments |author=Bizga, A. |work=Security Boulevard |date=19 May 2020 |accessdate=21 August 2021}}</ref> A survey less than a year before found similar numbers, also noting, however, that while confidence in cloud security was strong, a strong majority of respondents (71 percent) still believe there are at least moderate concerns about "malicious activity in cloud systems."<ref name="CCCloud19">{{cite web |url=https://www.continuitycentral.com/index.php/news/technology/4384-cloud-is-safer-than-on-premise-say-that-majority-of-security-leaders |title=Cloud is safer than on-premise say that majority of security leaders |publisher=Continuity Central |date=04 September 2019 |accessdate=21 August 2021}}</ref>
| | {{Saved book |
| | |title=Introduction to Quality and Quality Management Systems |
| | |subtitle= |
| | |cover-image=Time-Quality-Money.png |
| | |cover-color=#fffccc |
| | | setting-papersize = A4 |
| | | setting-showtoc = 1 |
| | | setting-columns = 1 |
| | }} |
|
| |
|
| To be sure, there are undoubtedly opportunities for malicious activity within the cloud, which has its own share of complexities. While cloud computing is internet-based (i.e., networked), a networking approach based on normal internet and network standards is not sufficient to address the complexities inherent to many cloud computing implementations.<ref name="MaurerCloud20">{{cite web |url=https://carnegieendowment.org/2020/08/31/cloud-security-primer-for-policymakers-pub-82597 |title=Cloud Security: A Primer for Policymakers |author=Maurer, T.; Hinck, G. |publisher=Carnegie Endowment for International Peace |date=31 August 2020 |accessdate=21 August 2021}}</ref> From integrating public and private clouds to meeting regulations mandating localized data storage, additional considerations must be made as to how best ensure standardized cloud services remain driven on solid security principles. With the transition to cloud, on-site data storage has moved online, with its own set of security nuances. Additionally, increased scalability, interfacing, and proximity to other networked data and systems adds more complexity to security.<ref name="KasperskyWhatIs">{{cite web |url=https://usa.kaspersky.com/resource-center/definitions/what-is-cloud-security |title=What is Cloud Security? |work=Resource Center |publisher=AO Kaspersky Lab |date=2021 |accessdate=21 August 2021}}</ref> As complexity is added, a more standardized approach is called for. Just as the Cloud Native Computing Foundation's (CNCF's) Certified Kubernetes Conformance Program attempts to ensure a standardized conformance of all Kubernetes instances to the Kubernetes [[application programming interface]]s (APIs) for consistency and interoperability across cloud platforms<ref name="SarrelWhyCloud20">{{cite web |url=https://www.hpe.com/us/en/insights/articles/why-cloud-native-open-source-kubernetes-matters-2002.html |title=Why cloud-native open source Kubernetes matters |author=Sarrel, M. |work=enterprise.nxt |publisher=Hewlett Packard Enterprise |date=04 February 2020 |accessdate=21 August 2021}}</ref>, standards organizations like the Institute of Electrical and Electronics Engineers (IEEE), [[International Organization for Standardization]] (ISO), and National Institute of Standards and Technology (NIST) develop standards and guidelines to ensure quality and security across all cloud computing platforms.<ref name="IEEE2301_20">{{cite web |url=https://standards.ieee.org/standard/2301-2020.html |title=IEEE 2301-2020 - IEEE Guide for Cloud Portability and Interoperability Profiles (CPIP) |publisher=IEEE Standards Association |date=30 January 2020 |accessdate=21 August 2021}}</ref><ref name="KirvanTop20">{{cite web |url=https://searchcompliance.techtarget.com/tip/Top-cloud-compliance-standards-and-how-to-use-them |archiveurl=https://web.archive.org/web/20201221150028/https://searchcompliance.techtarget.com/tip/Top-cloud-compliance-standards-and-how-to-use-them |title=Top cloud compliance standards and how to use them |author=Kirvan, P. |work=TechTarget SearchCompliance |date=17 December 2020 |archivedate=21 December 2020 |accessdate=21 August 2021}}</ref>
| | ==''Introduction to Quality and Quality Management Systems''== |
| | {{ombox |
| | | type = content |
| | | style = width: 500px; |
| | | text = This book should not be considered complete until this message box has been removed. This is a work in progress. |
| | }} |
| | The goal of this short volume is to act as an introduction to the quality management system. It collects several articles related to quality, quality management, and associated systems. |
|
| |
|
| The next few sections examine the various organizations, agencies, and industries developing and promoting standards, guidelines, and recommendations that shape the proper use of cloud computing platforms. Note that you won't see much about [[Laboratory|laboratories]] and cloud computing in this chapter, as we pan outward and look at cloud standards and security from up high. We'll focus on how all this information relates to laboratories in the coming chapters. | | ;1. What is quality? |
| | :''Key terms'' |
| | :[[Quality (business)|Quality]] |
| | :[[Quality assurance]] |
| | :[[Quality control]] |
| | :''The rest'' |
| | :[[Data quality]] |
| | :[[Information quality]] |
| | :[[Nonconformity (quality)|Nonconformity]] |
| | :[[Service quality]] |
| | ;2. Processes and improvement |
| | :[[Business process]] |
| | :[[Process capability]] |
| | :[[Risk management]] |
| | :[[Workflow]] |
| | ;3. Mechanisms for quality |
| | :[[Acceptance testing]] |
| | :[[Conformance testing]] |
| | :[[Clinical quality management system]] |
| | :[[Continual improvement process]] |
| | :[[Corrective and preventive action]] |
| | :[[Good manufacturing practice]] |
| | :[[Malcolm Baldrige National Quality Improvement Act of 1987]] |
| | :[[Quality management]] |
| | :[[Quality management system]] |
| | :[[Total quality management]] |
| | ;4. Quality standards |
| | :[[ISO 9000]] |
| | :[[ISO 13485]] |
| | :[[ISO 14000|ISO 14001]] |
| | :[[ISO 15189]] |
| | :[[ISO/IEC 17025]] |
| | :[[ISO/TS 16949]] |
| | ;5. Quality in software |
| | :[[Software quality]] |
| | :[[Software quality assurance]] |
| | :[[Software quality management]] |
|
| |
|
| ==References==
| | <!--Place all category tags here--> |
| {{Reflist|colwidth=30em}}
| |
