A Cloud SecDevOps Methodology: From Design to Testing

Casola, Valentina; Benedictis, Alessandra De; Rak, Massimiliano; Salzillo, Giovanni

doi:10.1007/978-3-030-58793-2_26

Cited by 8 publications

(1 citation statement)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hence, adopting Security-by-Design through developing and implementing the Cloud Security Controls document is vital. The Security-by-Design approach, as defined by Casola et al (2020) and Santos, Tarrit, and Mirakhorli (2017), is designing the software from the foundation to be secure. At this aim, the alternate security tactics and patterns are first thought and, among them, the best are selected and enforced by the application designer, and then used as guiding principles for developers.…”

Section: Cloud Security Controlsmentioning

confidence: 99%

Secure Cloud Migration Strategy (SCMS): A Safe Journey to the Cloud

Alharthi

2023

iccws

View full text Add to dashboard Cite

The state of cloud security is evolving. Many organizations are migrating their on-premises data centers to cloud networks at a rapid pace due to the benefits like cost-effectiveness, scalability, reliability, and flexibility. Yet, cloud environments also raise certain security concerns that may hinder their adoption. Cloud security threats may include data breaches/leaks, data loss, access management, insecure APIs, and misconfigured cloud storage. The security challenges associated with cloud computing have been widely studied in previous literature and different research groups. This paper conducted a systematic literature review and examined the research studies published between 2010 and 2023 within popular digital libraries. The paper then proposes a comprehensive Secure Cloud Migration Strategy (SCMS) that organizations can adopt to secure their cloud environment. The proposed SCMS consists of three main repeatable phases/processes, which are preparation; readiness and adoption; and testing. Among these phases, the author addresses tasks/projects from the different perspectives of the three cybersecurity teams, which are the blue team (defenders), the red team (attackers), and the yellow team (developers). This can be used by the Cloud Center of Excellence (CCoE) as a checklist that covers defending the cloud; attacking and abusing the cloud; and applying the security shift left concepts. In addition to that, the paper addresses the necessary cloud security documents/runbooks that should be developed and automated such as incident response runbook, disaster recovery planning, risk assessment methodology, and cloud security controls. Future research venues and open cloud security problems/issues were addressed throughout the paper. The ultimate goal is to support the development of a proper security system to an efficient cloud computing system to help harden organizations’ cloud infrastructures and increase the cloud security awareness level, which is significant to national security. Furthermore, practitioners and researchers can use the proposed solutions to replicate and/or extend the proposed work.

show abstract

Section: Cloud Security Controlsmentioning

confidence: 99%