Security for cloud services.

There are many advantages and benefits of using cloud computing, such as flexibility in the use of technology, reduction of costs and expenses, etc. However, as data, systems, and services move to the cloud, companies are exposed to serious issues regarding security, internal and regulatory compliance.

Facing this situation means implementing a cloud security system to proactively detect and eliminate information security threats in a context where confidential and business-critical information is shared. This system ensures compliance with industry regulations and company security guidelines or those defined for information security in relation to the ISO 27000 family of standards.

Implementing cloud computing as a business strategy also means big changes. Not only does it change the way the organization manages its services, but it also changes the way users interact. Information, systems, and services present significant risks to information security and need a way to mitigate effectively while ensuring compliance with business, security, and regulatory objectives. Security for cloud computing can be addressed through ISO/IEC 27017:2015, and implementation of information security controls can be aligned to ISO/IEC 27002.

According to the Cloud Security Alliance (CSA), some of the best-known threats to cloud managed services are:

• “Abuse and misuse of cloud computing”
• “Insecure interfaces and APIs”
• “Internal threat”
• “Problems arising from shared technologies”
• “Loss or leakage of information”
• “Session or service hijacking”
• “Risks due to ignorance”, among others.