cloud security project
1. With the different types of cloud service delivery (IaaS, PaaS, SaaS), what are the different licensing
requirements that an owner must be aware of when moving to the cloud?
2. Discuss shared technology vulnerabilities in the cloud.
3. How does a customer know what software versions cloud providers are using? Without
that knowledge, how can they do a proper risk assessment?
4. What policies should be in place for users to help reduce cloud-based threats?
5. How can a consumer evaluate the physical security of their cloud provider? What
standards should apply? What external and internal barriers should be in place? What
access controls? What sort of surveillance should be provided, and what power redundancy and
fire suppression? Is a service contract sufficient? Should physical inspection be
available? What about physical location? Are volcanoes, tornadoes, earthquakes or
other natural disasters common? Is the site near political unrest? Is there access to water?
What about outside temperature? Is there a physical buffer? Should the walls be made of ballistic
material to withstand explosions? What about staffing?
6. Discuss the four tiers of the Uptime Institute's functional recommendations for physical
security for data centers.
7. What is a hypervisor? Differentiate between Type 1 (bare-metal) and Type 2 (hosted) hypervisors. What are the security
vulnerabilities of each?
8. Which is better for security: server virtualization or application isolation? Why?
9. What are desktop virtualization, storage virtualization, memory virtualization, and network
virtualization? What are the security issues and benefits of each?
10. Global boundaries and the cloud – separating politics from security
11. The relationship of net neutrality and cloud security
12. Ensuring proper access control in the cloud
13. Cloud security risks from misconfiguration
14. Cloud service interruptions from DDoS
15. Preventive controls for Internal (non-routable) security threats
16. Detective Controls for routable and non-routable addresses
17. How security zones, groups, or domains have replaced traditional zones and tiers
18. On being a cloud broker: tasks and challenges
19. Trust boundaries and division of responsibilities
20. Elasticity effect on threat surface
21. How to ensure that your cloud provider has appropriate detective and preventive controls
in place
22. How to secure the virtualization layer
23. Threats to the hypervisor
24. What hardening means
25. Top ten recommendations for securing virtual servers
26. Vulnerabilities resulting from web programming frameworks
27. Preventing attacks on web applications
28. The relationship between DoS attacks and your cloud invoice
29. Good browser hygiene and cloud security
30. Compartmentalization and isolation in virtual multi-tenant environments
31. Security standards in PaaS API design
32. FIPS (Federal Information Processing Standards)
33. Data protection techniques under the Data Accountability and Trust Act
34. Comparing block symmetric algorithms with stream symmetric algorithms
35. Message authentication codes and hash functions.
36. Externalizing authentication: Trust Boundaries and IAM
37. Sustaining IAM with rapid turnover and job changes
38. IAM Compliance Management
39. Identity Federation Management
40. OAuth
41. ITIL
42. ISO 27001/27002
43. Vulnerability and Risk assessment
44. Incident response
45. What can we learn from the CCID (Cloud Computing Incidents Database)?
46. Cloud Health monitoring (internal and 3rd party)
47. Reading a Cloud Security Provider agreement
48. Discussing the data life cycle in the context of cloud computing
49. Facebook’s new privacy initiative
50. Cloud Security and the Federal Rules of Civil Procedure
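
Items 34 and 35 above ask for a comparison of block and stream symmetric algorithms and a discussion of MACs versus hash functions. The Python example below is added here to illustrate one point those two topics share; it is not part of the original topic list. It uses a constructed toy stream cipher (SHA-256 run in counter mode) and constructed keys and message, not a real cipher: a stream cipher (or a block cipher in CTR mode) is malleable, so an attacker who knows the plaintext layout can rewrite a field without the key, and a receiver needs a keyed MAC rather than an unkeyed hash to detect the change.

```python
import hashlib
import hmac


# --- Toy stream cipher: SHA-256 in counter mode over (key || nonce || counter). ---
# Constructed for illustration only; it shows the *shape* of a stream cipher
# (keystream XOR plaintext) and is not something to deploy. Use AES-CTR or
# ChaCha20 from a vetted library in real systems.
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def tamper(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Attacker edit on stream-cipher output: XOR (known ^ wanted) into the
    ciphertext. Needs no key, only knowledge of the plaintext at that offset."""
    ct = bytearray(ciphertext)
    for i, (k, w) in enumerate(zip(known, wanted)):
        ct[offset + i] ^= k ^ w
    return bytes(ct)


# --- Integrity checks: unkeyed hash versus keyed MAC (encrypt-then-MAC). ---
def hash_check(nonce: bytes, ciphertext: bytes) -> bytes:
    """Unkeyed integrity value: anyone, including the attacker, can recompute it."""
    return hashlib.sha256(nonce + ciphertext).digest()


def mac_tag(mac_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """HMAC-SHA256 over nonce and ciphertext; requires mac_key to produce."""
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()


def verify_mac(mac_key: bytes, nonce: bytes, ciphertext: bytes, tag: bytes) -> bool:
    # Constant-time comparison so the check does not leak the tag byte by byte.
    return hmac.compare_digest(mac_tag(mac_key, nonce, ciphertext), tag)


def demo() -> dict:
    enc_key, mac_key = b"\x01" * 32, b"\x02" * 32  # constructed test keys
    nonce = b"\x00" * 12                           # constructed nonce
    msg = b"PAY 0100 TO ALICE"                      # constructed message
    ct = stream_xor(enc_key, nonce, msg)
    tag = mac_tag(mac_key, nonce, ct)

    # Attacker knows the layout and rewrites the amount field at offset 4.
    forged = tamper(ct, 4, b"0100", b"9100")
    decrypted_forged = stream_xor(enc_key, nonce, forged)

    # Unkeyed hash: the attacker ships a recomputed hash with the forgery.
    attacker_hash = hash_check(nonce, forged)
    hash_accepts = hash_check(nonce, forged) == attacker_hash

    return {
        "roundtrip_ok": stream_xor(enc_key, nonce, ct) == msg,
        "forged_plaintext": decrypted_forged,
        "hash_accepts_forgery": hash_accepts,
        # Keyed MAC: the attacker cannot produce a valid tag without mac_key,
        # so the original tag no longer matches the modified ciphertext.
        "mac_accepts_forgery": verify_mac(mac_key, nonce, forged, tag),
        "mac_accepts_original": verify_mac(mac_key, nonce, ct, tag),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The forged message decrypts cleanly to a different amount and passes the hash check, while the HMAC check rejects it; the same malleability applies to a block cipher in CTR mode, which is why authenticated modes (or encrypt-then-MAC) are the expected answer when comparing block and stream constructions.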