Cloud Computing Security: What i learnt during the training which i led
Earlier today, I did my first physical training on cloud computing security with a group of professionals at the organisation's head office. The firm's setup was top-notch, and I was a bit intimidated by the firm structure and how posh-looking the people I was supposed to train were looking. However, I was able to brush off the pressure as I requested that we take a 10-minute pause after we had an introduction of who the participants were and the post they held.
After the 10 minutes pause, I stood up and started talking. I noticed that I discovered I could not stop talking as soon as I opened my mouth. I kept talking about cloud computing and explained the correlation between cybersecurity and information security in the cloud. I discussed how government regulation would likely affect cloud adoption and how a cloud service or deployment model could affect the organisation's governance and enterprise risk management. It was during the course of the training that I got to find out about this, and it's an eye-opener for me.
I had always known that conducting a risk assessment for the assets on the cloud is a must, and that helps us fish out deficiencies and look for ways to ensure that these deficiencies are being treated. This risk assessment is different from the information security risk assessment. However, it has to be built in accordance with the enterprise risk frame in use within the organisation. This enterprise framework also provides the basis for the firm's information security.
I discovered that cloud computing might be a very broad subject. However, when we are talking about the security of cloud computing, it's something someone learns within a space of 2- 3 hours due to the fact that these security controls are tools and could be automated. The cloud service providers offer these security tools, while you could go further to comment tools from other vendors.
Also, I learned why having a contract with the cloud service provider is important. One of the importance is that it states what the providers expect regarding functionality and security. Also, it defines what aspect of security the cloud service provider will handle based on the cloud service model in use. Cloud service models are Saas, Paas and Iaas, and the deployment models are public, private and community (I have known all of these aspects before, but it feels good to refresh you guy's memory).
The biggest thing I learnt today was to believe in myself. Because I was a bit scared at first based on the calibre of people I was to train. I almost chickened out, but then I started, and I saw how they sat in silence and listened to every word I said. They asked questions for clarification and interacted with me like a colleague. It was then I realised that I am actually good at what I do.
Thanks for reading
Posted Using LeoFinance Alpha
Congratulations @lebey1! You received a personal badge!
You can view your badges on your board and compare yourself to others in the Ranking
Check out our last posts:
Support the HiveBuzz project. Vote for our proposal!