User:Shawndouglas/sandbox/sublevel1

From LIMSWiki
Jump to navigationJump to search
Figure 3. The NIST Cloud Computing Security Reference Architecture provides a security overlay to the NIST Cloud Computing Reference Architecture, published in 2011.

In a 2010 Cloud Computing Adoption Survey by Mimecast, the leading response (46 percent of surveyed IT managers) to the question "Why did you decide against moving to the cloud?" was "security concerns."[1] In a separate survey published around the same time by the IEEE and Cloud Security Alliance, "93 percent of respondents said the need for cloud computing security standards is important; 82 percent said the need is urgent."[2] Fast-forward 10 years and it's easy to see worries about cloud security have eased somewhat in comparison. A Cloud Threat Report by Oracle and KPMG in 2020 found that "40% of cybersecurity and IT professionals from private and public businesses perceive public clouds as more secure than on-premise environments ... 12% believe public clouds are no more secure or insecure than what they can deliver with on-premises environments, and 2% think public clouds are less secure."[3] A survey less than a year before found similar numbers, also noting, however, that while confidence in cloud security was strong, a strong majority of respondents (71 percent) still believe there are at least moderate concerns about "malicious activity in cloud systems."[4]

To be sure, there are undoubtedly opportunities for malicious activity within the cloud, which has its own share of complexities. While cloud computing is internet-based (i.e., networked), a networking approach based on normal internet and network standards is not sufficient to address the complexities inherent to many cloud computing implementations.[5] From integrating public and private clouds to meeting regulations mandating localized data storage, additional considerations must be made as to how best ensure standardized cloud services remain driven on solid security principles. With the transition to cloud, on-site data storage has moved online, with its own set of security nuances. Additionally, increased scalability, interfacing, and proximity to other networked data and systems adds more complexity to security.[6] As complexity is added, a more standardized approach is called for. Just as the Cloud Native Computing Foundation's (CNCF's) Certified Kubernetes Conformance Program attempts to ensure a standardized conformance of all Kubernetes instances to the Kubernetes application programming interfaces (APIs) for consistency and interoperability across cloud platforms[7], standards organizations like the Institute of Electrical and Electronics Engineers (IEEE), International Organization for Standardization (ISO), and National Institute of Standards and Technology (NIST) develop standards and guidelines to ensure quality and security across all cloud computing platforms.[8][9]

The next few sections examine the various organizations, agencies, and industries developing and promoting standards, guidelines, and recommendations that shape the proper use of cloud computing platforms. Note that you won't see much about laboratories and cloud computing in this chapter, as we pan outward and look at cloud standards and security from up high. We'll focus on how all this information relates to laboratories in the coming chapters.

References

  1. Mimecast (2010). "Cloud Computing Adoption Survey" (PDF). https://system.netsuite.com/core/media/media.nl?id=181214&c=601905&h=2ef3796f7c4d9c8a585e&_xt=.pdf. Retrieved 21 August 2021. 
  2. IEEE; Cloud Security Alliance (1 March 2010). "Survey by IEEE and Cloud Security Alliance Details Importance and Urgency of Cloud Computing Security Standards". Cloud Security Alliance. https://cloudsecurityalliance.org/press-releases/2010/03/01/survey-by-ieee-and-cloud-security-alliance-details-importance-and-urgency-of-cloud-computing-security-standards/. Retrieved 21 August 2021. 
  3. Bizga, A. (19 May 2020). "40% of IT professionals believe that public clouds are more secure than on-premise environments". Security Boulevard. https://securityboulevard.com/2020/05/40-of-it-professionals-believe-that-public-clouds-are-more-secure-than-on-premise-environments/. Retrieved 21 August 2021. 
  4. "Cloud is safer than on-premise say that majority of security leaders". Continuity Central. 4 September 2019. https://www.continuitycentral.com/index.php/news/technology/4384-cloud-is-safer-than-on-premise-say-that-majority-of-security-leaders. Retrieved 21 August 2021. 
  5. Maurer, T.; Hinck, G. (31 August 2020). "Cloud Security: A Primer for Policymakers". Carnegie Endowment for International Peace. https://carnegieendowment.org/2020/08/31/cloud-security-primer-for-policymakers-pub-82597. Retrieved 21 August 2021. 
  6. "What is Cloud Security?". Resource Center. AO Kaspersky Lab. 2021. https://usa.kaspersky.com/resource-center/definitions/what-is-cloud-security. Retrieved 21 August 2021. 
  7. Sarrel, M. (4 February 2020). "Why cloud-native open source Kubernetes matters". enterprise.nxt. Hewlett Packard Enterprise. https://www.hpe.com/us/en/insights/articles/why-cloud-native-open-source-kubernetes-matters-2002.html. Retrieved 21 August 2021. 
  8. "IEEE 2301-2020 - IEEE Guide for Cloud Portability and Interoperability Profiles (CPIP)". IEEE Standards Association. 30 January 2020. https://standards.ieee.org/standard/2301-2020.html. Retrieved 21 August 2021. 
  9. Kirvan, P. (17 December 2020). "Top cloud compliance standards and how to use them". TechTarget SearchCompliance. Archived from the original on 21 December 2020. https://web.archive.org/web/20201221150028/https://searchcompliance.techtarget.com/tip/Top-cloud-compliance-standards-and-how-to-use-them. Retrieved 21 August 2021.